PSKC File Import
Importing hardware tokens from PSKC file
To import hardware token data into the database, use the API that is exposed by the Token Administration (TokenAdminApi) module. This API consumes PSKC XML files and supports TOTP and HOTP tokens.
Security
PSKC files contain sensitive data and should be protected.
PRIVATE KEYS
Encryption is part of the PSKC standard. Before encrypted PSKC files can be handled, the location of the secret keys must be added to the server configuration. The location of the private keys is set with the secret_key_directory configuration parameter in the TokensDb module; see that module for more information. Make sure that no unauthorised access is possible to the directory where the secret keys reside.
IN FLIGHT
Protect the file while it is being uploaded to the Token Admin API by enabling TLS.
AT REST
The uploaded file ends up in the upload directory on the server. Make sure that no unauthorized access is possible to this directory.
After the import has completed (or failed), the system deletes the imported file and emits a CEF log entry to indicate that the file was successfully deleted. If this log message does not appear, the file might remain in the upload directory, which indicates a possible security threat. In that case, the file should be manually deleted.
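One way to check the two conditions above on a POSIX server, as an added example that is not part of the product: it flags upload and secret key directories that group or other users can access, and lists files that are still in the upload directory after an import should have finished. The directory paths, the 15-minute age threshold and all function names are assumptions.

```python
import os
import stat
import tempfile
import time


def loose_permissions(path):
    """True if group or other have any access (POSIX mode bits only, ACLs not checked)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def leftover_uploads(upload_dir, max_age_seconds, now=None):
    """Names of regular files that have stayed in upload_dir longer than max_age_seconds."""
    now = time.time() if now is None else now
    stale = []
    for entry in os.scandir(upload_dir):
        if entry.is_file(follow_symlinks=False):
            age = now - entry.stat(follow_symlinks=False).st_mtime
            if age > max_age_seconds:
                stale.append(entry.name)
    return sorted(stale)


def audit(upload_dir, key_dir, max_age_seconds=900):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for label, path in (("upload", upload_dir), ("secret key", key_dir)):
        if loose_permissions(path):
            findings.append(f"{label} directory {path} is accessible to group/other")
    for name in leftover_uploads(upload_dir, max_age_seconds):
        findings.append(f"leftover file in upload directory: {name}")
    return findings


def demo():
    """Constructed sample: world-readable upload dir holding one hour-old file."""
    with tempfile.TemporaryDirectory() as root:
        upload, keys = os.path.join(root, "upload"), os.path.join(root, "keys")
        os.mkdir(upload)
        os.mkdir(keys)
        os.chmod(upload, 0o755)  # too open: group/other can list and read
        os.chmod(keys, 0o700)    # owner only
        stale = os.path.join(upload, "tokens.pskc.xml")  # constructed file name
        open(stale, "w").close()
        os.utime(stale, (time.time() - 3600,) * 2)
        return audit(upload, keys)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run audit() on a schedule against the configured upload directory and secret_key_directory, and treat any leftover file as a prompt to look for the missing CEF deletion entry.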