Luna HSM Firmware 7.9.3

Luna HSM firmware 7.9.3 was released in April 2026. It includes bug fixes and improvements.

>Download Luna HSM Firmware 7.9.3 for Luna Network HSM 7

NOTE   This package requires minimum Luna Appliance Software 7.9.0.

CAUTION!   Read the Advisory Notes before installing this update, to be aware of important changes that may require your attention.

New Features and Enhancements

Luna HSM firmware 7.9.3 includes the following new features and enhancements:

Additional HMAC Support in CKM_PKCS5_PBKD2

The following HMAC (Hash-based Message Authentication Code) pseudorandom functions are now available for use with CKM_PKCS5_PBKD2:

>HMAC_SHA224

>HMAC_SHA256

>HMAC_SHA384

>HMAC_SHA512

They are visible as parameter options in CKDemo when choosing action 64 PBE Key Gen with Luna HSM Firmware 7.9.3 and newer, and with Luna HSM Client 10.9.3 and newer. See PKCS5_PBKD2 with SHA2.

Requires Luna HSM Firmware 7.9.3 or newer and optionally uses Luna HSM Client 10.9.3 or newer for updated client-side tool selections.
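To see what the PRF selection changes inside the derivation, here is PBKDF2 (RFC 8018) written out in Python with the PRF as a parameter. This is an added example, not Luna or PKCS#11 library code: it runs entirely in software with hashlib/hmac and cross-checks itself against hashlib.pbkdf2_hmac and the RFC 7914 PBKDF2-HMAC-SHA-256 test vector. The CKP_PKCS5_PBKD2_HMAC_* identifiers in the table are the PRF constants from the PKCS#11 v2.40 specification, not values taken from this page; the password and salt in the demo are constructed.

```python
import hashlib
import hmac
import struct

# PKCS#11 v2.40 CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE values (from the spec, not this page),
# mapped to the hashlib digest each one wraps in HMAC.
PRF_BY_NAME = {
    "CKP_PKCS5_PBKD2_HMAC_SHA1":   (0x01, "sha1"),
    "CKP_PKCS5_PBKD2_HMAC_SHA224": (0x03, "sha224"),
    "CKP_PKCS5_PBKD2_HMAC_SHA256": (0x04, "sha256"),
    "CKP_PKCS5_PBKD2_HMAC_SHA384": (0x05, "sha384"),
    "CKP_PKCS5_PBKD2_HMAC_SHA512": (0x06, "sha512"),
}


def pbkdf2(prf: str, password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 per RFC 8018 section 5.2, with the PRF chosen by its PKCS#11 name.

    T_i = U_1 XOR U_2 XOR ... XOR U_c, where U_1 = PRF(P, S || INT(i)) and U_j = PRF(P, U_{j-1}).
    Only the PRF differs between the HMAC_SHA224/256/384/512 options; the block loop is identical.
    """
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    _, digest = PRF_BY_NAME[prf]
    hlen = hashlib.new(digest).digest_size
    if dklen > (2**32 - 1) * hlen:
        raise ValueError("derived key too long")
    out = bytearray()
    block_index = 1
    while len(out) < dklen:
        u = hmac.new(password, salt + struct.pack(">I", block_index), digest).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, digest).digest()
            for k in range(hlen):
                t[k] ^= u[k]
        out += t
        block_index += 1
    return bytes(out[:dklen])


def matches_hashlib(prf: str, password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """Cross-check the hand-written derivation against the standard library."""
    _, digest = PRF_BY_NAME[prf]
    return pbkdf2(prf, password, salt, iterations, dklen) == hashlib.pbkdf2_hmac(
        digest, password, salt, iterations, dklen
    )


# RFC 7914 section 11 test vector: PBKDF2-HMAC-SHA-256, P="passwd", S="salt", c=1, dkLen=64.
RFC7914_SHA256_VECTOR = bytes.fromhex(
    "55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc"
    "49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"
)


def rfc7914_check() -> bool:
    return pbkdf2("CKP_PKCS5_PBKD2_HMAC_SHA256", b"passwd", b"salt", 1, 64) == RFC7914_SHA256_VECTOR


if __name__ == "__main__":
    # Constructed sample input: the same password and salt yield a different key under each PRF.
    for name in PRF_BY_NAME:
        dk = pbkdf2(name, b"correct horse battery staple", b"\x00" * 16, 10_000, 32)
        print(f"{name:32} {dk.hex()}")
    print("RFC 7914 vector:", "ok" if rfc7914_check() else "MISMATCH")
```

When the HSM performs the derivation, the password never leaves the HSM; the software version above is only there to make the PRF's role in the algorithm visible.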

AES GCM Handles Decryptions Greater than 64KB

AES GCM decryption on Luna HSM 7, using Luna HSM Firmware 7.9.3 and newer, can accept input messages of size greater than 64KB. The increase is transparent, requiring no change in command usage. Requires both Luna HSM Firmware 7.9.3 or newer and Luna HSM Client 10.9.3 or newer. See Advisory Notes.

CKM_AES_KW can be used with and without VALUE_LEN

In PKCS#11 v2.40, v3.1 and v3.2, the AES key wrap mechanism (CKM_AES_KW) requires the CKA_VALUE_LEN attribute for the HSM operation, and this has always been the behavior of Luna HSMs.
PKCS#11 v3.0 deviates from that trend: CKA_VALUE_LEN is not needed for AES Key Wrap, because the size can be inferred from the wrapped data itself. Using Luna HSM Firmware 7.9.3 or newer and Luna HSM Client 10.9.3 or newer, either option can be selected. See Using CKM_AES_KW with and without VALUE_LEN.

Requires Luna HSM Firmware 7.9.3 or newer and optionally uses Luna HSM Client 10.9.3 or newer for updated client-side tool selections.

Selectable IV length for AES-GCM

When generating an AES-GCM key (for example, with option 40 in CKDemo), the IV length setting can be switched (in CKDemo, select (98) Options and then option 29) between:

>"Default" (which remains 16 bytes for continuity with previous behavior) and

>"Selectable", for added flexibility.

Requires Luna HSM Firmware 7.9.3 or newer and optionally uses Luna HSM Client 10.9.3 or newer for updated client-side tool selections.

Valid Update Paths

You can update the Luna HSM firmware to version 7.9.2 from the following previous versions:

>7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.3.3, 7.4.0, 7.4.1, 7.4.2, 7.7.0, 7.7.1, 7.7.1-20, 7.8.0, 7.8.1, 7.8.2, 7.8.4, 7.8.5, 7.8.7, 7.8.8, 7.8.9, 7.9.0, 7.9.1, 7.9.2

CAUTION!   Do Not Update Directly From Luna HSM Firmware 7.7.2; this update path is not supported.

Advisory Notes

This section highlights important issues you should be aware of before deploying HSM firmware 7.9.3.

AES GCM Decryptions Limit

Messages submitted to AES GCM decryption using Luna HSM Firmware 7.9.3 or newer can be a maximum of 512MB minus 32 bytes in size. The same limit applies to messages presented as input to AES GCM encryption; attempting to encrypt a larger message is not permitted.

AES GCM Decryption Slower in FIPS 140 Configuration for >64KB

The FIPS 140 configuration setting requires that a large encrypted message, which is automatically divided into 64KB chunks for decryption, does not expose any of the pieces in plaintext before reassembly as the complete decrypted message. When FIPS 140 configuration is enabled, any object or message larger than 64KB is processed in a way that keeps all chunks encrypted until the final one is received. This reduces potential attack options, but can increase decryption time for larger messages. Existing commands and calls are unchanged from the user perspective: the HSM determines what is needed based on the FIPS 140 setting and the size of your message. Applies to Luna HSM Firmware 7.9.3 and newer and Luna HSM Client 10.9.3 and newer.
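The rule described here (plaintext of a chunked message is released only after the whole message authenticates) is a general authenticated-decryption property and can be shown without an HSM. The following Python is an added example, not Luna firmware or client code: a toy XOR keystream and an HMAC-SHA256 tag, both constructed here for illustration, stand in for AES-GCM, and a decryptor that holds every chunk until the tag verifies is contrasted with the streaming style the FIPS 140 configuration forbids, where chunks are handed out before verification. The 64KB chunk size is the page's; the key and message are constructed.

```python
import hashlib
import hmac
import os

CHUNK = 64 * 1024          # the page's chunk size for large GCM messages
TAG_LEN = 32               # HMAC-SHA256 tag; stands in for the GCM tag


def _keystream(key: bytes, offset: int, n: int) -> bytes:
    """Toy counter-mode keystream (SHA-256 of key||counter). NOT a real cipher; illustration only."""
    out = bytearray()
    block = offset // 32
    while len(out) < (offset % 32) + n:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    start = offset % 32
    return bytes(out[start:start + n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for GCM: ciphertext || tag(ciphertext)."""
    ct = _xor(plaintext, _keystream(key, 0, len(plaintext)))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def decrypt_chunked(key: bytes, blob: bytes, release_early: bool, chunk: int = CHUNK):
    """Decrypt a large message chunk by chunk.

    Returns (exposed, plaintext): `exposed` is every byte a caller could have observed
    before the tag was checked; `plaintext` is the full message, or None if the tag fails.
    release_early=False is the FIPS 140 rule from the page: nothing leaves until the tag verifies.
    """
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    mac = hmac.new(key, digestmod=hashlib.sha256)
    exposed, held = [], []
    for off in range(0, len(ct), chunk):
        piece = ct[off:off + chunk]
        mac.update(piece)
        pt = _xor(piece, _keystream(key, off, len(piece)))
        (exposed if release_early else held).append(pt)   # early release hands out unverified data
    ok = hmac.compare_digest(mac.digest(), tag)
    exposed_bytes = b"".join(exposed)
    if not ok:
        return exposed_bytes, None           # reject; any early-released bytes are already out
    return exposed_bytes, exposed_bytes + b"".join(held)


def demo(message_len: int = 3 * CHUNK + 17):
    """Constructed run: a >64KB message, once intact and once with one ciphertext byte flipped."""
    key = os.urandom(32)
    msg = os.urandom(message_len)
    blob = encrypt(key, msg)
    tampered = bytearray(blob)
    tampered[CHUNK + 5] ^= 0x01          # corrupt a byte inside the second chunk
    results = {
        "intact_gated": decrypt_chunked(key, blob, release_early=False),
        "tampered_gated": decrypt_chunked(key, bytes(tampered), release_early=False),
        "tampered_early": decrypt_chunked(key, bytes(tampered), release_early=True),
    }
    return msg, results


if __name__ == "__main__":
    msg, r = demo()
    for name, (exposed, pt) in r.items():
        print(f"{name:15} exposed_before_check={len(exposed):7d} bytes  accepted={pt is not None}")
```

The cost the page warns about is visible in the gated path: all decrypted chunks stay resident until the last chunk arrives and the tag is checked, so time to first plaintext byte grows with message size. That is the price of never emitting a byte whose authenticity is still unknown.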

Change to How AES GCM Multipart Encryption Works

Previous behavior:

AES GCM multipart behavior prior to Luna HSM Firmware 7.9.3 was:

>C_EncryptUpdate does not return any encrypted data; it only accumulates the input.

>C_EncryptFinal returns the whole ciphertext along with tag bits and IV (if any) generated by firmware.

>In FIPS 140 configuration, the IV generated by the HSM is always 16 bytes.

Change:

Using Luna HSM Firmware 7.9.3 or newer, AES GCM multipart behavior has changed.

>C_EncryptUpdate returns ciphertext for every complete block (16 bytes) received so far and accumulates only the remaining partial block of fewer than 16 bytes. As soon as at least one full block is available, C_EncryptUpdate returns that data immediately.

>C_EncryptFinal returns any accumulated ciphertext, tag bits and IV (if any) generated by firmware.

>In FIPS 140 configuration, the IV generated by firmware varies from 12 bytes to 16 bytes, based on the ulIvBits parameter in the GCM parameters.

Effects on JSP usage

Your application might need adjustment.

For an AES GCM Cipher instance:

>Cipher.update(data) now returns an encrypted chunk, where previously it returned null. If no data has yet accumulated and data is less than 16 bytes (block size), null is returned, but as soon as at least one block size of data has accumulated, this call returns that chunk of ciphertext.

>Cipher.doFinal() returns only any accumulated ciphertext and tag bits, as opposed to the whole ciphertext previously.
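This contract change is easy to get wrong in an application written against the old firmware: code that ignored the return value of C_EncryptUpdate (or Cipher.update) silently loses ciphertext on the new firmware. The following Python model is an added example, not Luna firmware or JSP code. It reproduces the two buffering contracts described above over a constructed byte transform (it is not AES-GCM, an empty bytes value stands in for Java's null, and the 4-byte trailer is only a tag placeholder), and places a consumer that collects ciphertext correctly under either behaviour next to one that only works under the old one.

```python
BLOCK = 16   # AES block size; the new firmware flushes only whole blocks from C_EncryptUpdate


class MultipartEncryptor:
    """Models C_EncryptUpdate / C_EncryptFinal output buffering for AES GCM on Luna firmware.

    legacy=True : pre-7.9.3 contract (Update returns nothing, Final returns everything).
    legacy=False: 7.9.3+ contract (Update returns whole blocks, Final returns the remainder).
    The 'encryption' is a constructed position-dependent byte transform so the example runs
    without an HSM; it is NOT AES-GCM and the 4-byte trailer is only a tag placeholder.
    """

    def __init__(self, legacy: bool):
        self.legacy = legacy
        self._buf = b""
        self._pos = 0            # bytes already transformed; makes the transform position-dependent

    def _transform(self, data: bytes) -> bytes:
        out = bytes((b + (self._pos + i) % 251) & 0xFF for i, b in enumerate(data))
        self._pos += len(data)
        return out

    def update(self, data: bytes) -> bytes:
        self._buf += data
        if self.legacy:
            return b""                           # old behaviour: accumulate everything, return nothing
        whole = len(self._buf) - len(self._buf) % BLOCK
        ready, self._buf = self._buf[:whole], self._buf[whole:]
        return self._transform(ready)            # new behaviour: flush every complete block now

    def final(self) -> bytes:
        tail, self._buf = self._buf, b""
        # remainder (everything under legacy, <16 bytes under the new contract) + placeholder tag
        return self._transform(tail) + b"TAG!"


def collect_final_only(chunks, legacy: bool) -> bytes:
    """The fragile pattern: discard update() output and trust final() to hold the whole ciphertext."""
    enc = MultipartEncryptor(legacy)
    for c in chunks:
        enc.update(c)
    return enc.final()


def collect_all(chunks, legacy: bool) -> bytes:
    """The portable pattern: keep whatever each call returns; works under both contracts."""
    enc = MultipartEncryptor(legacy)
    out = bytearray()
    for c in chunks:
        out += enc.update(c)                     # b"" on old firmware, whole blocks on new
    out += enc.final()
    return bytes(out)


SAMPLE_CHUNKS = [b"a" * 10, b"b" * 10, b"c" * 5]   # constructed: 25 bytes fed in three updates

if __name__ == "__main__":
    for legacy in (True, False):
        label = "legacy" if legacy else "7.9.3+"
        print(f"{label}: final-only collector got {len(collect_final_only(SAMPLE_CHUNKS, legacy))} bytes,"
              f" collect-all got {len(collect_all(SAMPLE_CHUNKS, legacy))} bytes")
```

The portable consumer produces identical output under both contracts because the ciphertext bytes are the same; only the call at which they are handed back differs. In JSP terms, always append the result of Cipher.update when it is non-null, then append Cipher.doFinal.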

Change to secp256k1 Curve Acceleration

Luna HSM Firmware 7.8.7 optimized keygen, sign, and verify operation performance with various algorithms using curve secp256k1 (curve 10 in the multitoken utility), yielding a performance increase, depending on parameter selections and other factors.

Using Luna HSM Firmware 7.9.3 or newer, that acceleration is disabled only when the HSM or a partition is in FIPS 140 approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0).

When FIPS 140 approved configuration is not asserted, the curve performance enhancement remains in effect.

NOTE   BIP32 or SLIP10 master/child key generation using secp256k1 is generally not allowed in FIPS 140 approved configuration, so its performance is not affected.

Backup and Restore constraints

When backing up partition contents to a Luna Backup HSM 7 at firmware version 7.7.3 or older:

>Non-PQC keys (AES, RSA, etc.) are backed up and restored.

If a PQC key cannot be backed up, an error (CKR_ATTRIBUTE_TYPE_INVALID or CKR_KEY_TYPE_INCONSISTENT) is shown and those keys are skipped.

>HSS/LMS private keys, by design (to NIST requirements), cannot be cloned or included in encrypted SKS blobs, and therefore cannot be backed up in any way.

>Other PQC keys (ML-KEM private and public, ML-DSA private and public, and HSS/LMS public) are backed up from V1 partitions, because V1 partition backups are stored as encrypted blobs and individual keys are not examined.

>Other PQC keys (ML-KEM, ML-DSA, and HSS/LMS public) are not backed up from V0 partitions, because all keys are individually examined and Luna Backup HSM 7 Firmware 7.7.3 and older do not recognize PQC keys.

>Similarly, among pre-PQC algorithms and key types, SLIP10 keys are not backed up from V0 partitions.

FIPS Changes in Luna HSM Firmware 7.9.0 and Newer

New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0), to comply with FIPS 186-5 Digital Signature Standard (NIST SP 800-186).

RSA Key Pair Generation Mechanisms for FIPS 186-3 Allow 6144- and 8192-Bit Keys

Using the following mechanisms, you can now generate 6144-bit and 8192-bit RSA keypairs in FIPS approved configuration:

>CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN

>CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN

New Partition Policy Allows Signature Verification with ECDSA and RSA

A new partition policy 45: Allow ECDSA/RSA Prehash SigVer enables a prehash operation that allows mechanisms that do not have a hash function to perform verification. With this policy enabled, the following mechanisms are now permitted to perform verification in FIPS approved configuration:

>CKM_DSA

>CKM_ECDSA

>CKM_RSA_PKCS

>CKM_RSA_PKCS_PSS

>CKM_RSA_X9_31

FIPS Changes in Luna HSM Firmware 7.8.9 and Newer

New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0), to comply with FIPS 186-5 Digital Signature Standard (NIST SP 800-186).

Mechanisms that are now available in FIPS 140 approved configuration

The following mechanisms are now available for use in FIPS 140 approved configuration (formerly FIPS mode):

>CKM_EDDSA

>CKM_SHA224_EDDSA

>CKM_SHA256_EDDSA

>CKM_SHA384_EDDSA

>CKM_SHA512_EDDSA

>CKM_SHA3_224_EDDSA

>CKM_SHA3_256_EDDSA

>CKM_SHA3_384_EDDSA

>CKM_SHA3_512_EDDSA

Mechanisms no longer available in FIPS 140 approved configuration

The following mechanism is now restricted from use in FIPS 140 approved configuration (formerly FIPS mode):

>CKM_EC_MONTGOMERY_KEY_PAIR_GEN

Mechanisms now check for approved EC curves in FIPS 140 approved configuration

The following mechanisms now verify that the specified EC curve is FIPS-approved, and reject operations that specify non-approved curves:

>CKM_ECDH1_COFACTOR_DERIVE

>CKM_ECDH1_DERIVE

>CKM_ECDSA

>CKM_ECDSA_SHA1

>CKM_ECDSA_SHA224

>CKM_ECDSA_SHA256

>CKM_ECDSA_SHA384

>CKM_ECDSA_SHA512

>CKM_ECDSA_SHA3_224

>CKM_ECDSA_SHA3_256

>CKM_ECDSA_SHA3_384

>CKM_ECDSA_SHA3_512

>CKM_ECIES

>CKM_EC_KEY_PAIR_GEN

>CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS

Allowed Elliptic Curves

| Curve Name | Mechanisms | Curve Field Type | Security Strength | Sign | Verify | Derive |
|---|---|---|---|---|---|---|
| B-233 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 112 bits | X | X | X |
| B-283 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 128 bits | X | X | X |
| B-409 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 192 bits | X | X | X |
| B-571 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 256 bits | X | X | X |
| K-233 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 112 bits | X | X | X |
| K-283 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 128 bits | X | X | X |
| K-409 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 192 bits | X | X | X |
| K-571 | ECDSA, EC key establishment | Binary Field – GF(2^m) | 256 bits | X | X | X |
| P-224 | ECDSA, EC key establishment | Prime field – GF(p) | 112 bits | X | X | X |
| P-256 | ECDSA, EC key establishment | Prime field – GF(p) | 128 bits | X | X | X |
| P-384 | ECDSA, EC key establishment | Prime field – GF(p) | 192 bits | X | X | X |
| P-521 | ECDSA, EC key establishment | Prime field – GF(p) | 256 bits | X | X | X |
| Edwards448 | EdDSA | Prime field – GF(p) | 224 bits | X | X | X |
| Edwards25519 | EdDSA | Prime field – GF(p) | 128 bits | X | X | X |
| Brainpool P-512r1 | ECDSA, EC key establishment | Prime field – GF(p) | 256 bits | X | X | X |
| Brainpool P-512t1 | ECDSA, EC key establishment | Prime field – GF(p) | 256 bits | X | X | X |
| Brainpool P-384r1 | ECDSA, EC key establishment | Prime field – GF(p) | 192 bits | X | X | X |
| Brainpool P-384t1 | ECDSA, EC key establishment | Prime field – GF(p) | 192 bits | X | X | X |
| Brainpool P-320r1 | ECDSA, EC key establishment | Prime field – GF(p) | 160 bits | X | X | X |
| Brainpool P-320t1 | ECDSA, EC key establishment | Prime field – GF(p) | 160 bits | X | X | X |
| secp256k1 | Blockchain | Prime field – GF(p) | 128 bits | X | X | no* |
| Brainpool P-256r1 | ECDSA, EC key establishment | Prime field – GF(p) | 128 bits | X | X | X |
| Brainpool P-256t1 | ECDSA, EC key establishment | Prime field – GF(p) | 128 bits | X | X | X |
| Brainpool P-224r1 | ECDSA, EC key establishment | Prime field – GF(p) | 112 bits | X | X | X |
| Brainpool P-224t1 | ECDSA, EC key establishment | Prime field – GF(p) | 112 bits | X | X | X |

The above table applies to Luna HSM Firmware 7.8.9 and newer.

*The secp256k1 (BIP32) curve cannot be used for ECDH or ECIES derivation in FIPS 140 approved configuration.

FIPS Changes in Luna HSM Firmware 7.8.7 and Newer

New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0), to comply with FIPS 186-5 Digital Signature Standard (NIST SP 800-186).

Mechanisms no longer available in FIPS 140 approved configuration

The following mechanisms are now restricted from use in FIPS 140 approved configuration:

>CKM_AES_MAC

>CKM_AES_MAC_GENERAL

>CKM_DES3_MAC

>CKM_DES3_MAC_GENERAL

>CKM_DSA_KEY_PAIR_GEN

>CKM_DSA_PARAMETER_GEN

Mechanisms not permitted to sign objects in FIPS 140 approved configuration

The following mechanisms are not permitted to sign objects in FIPS 140 approved configuration:

>CKM_DSA

>CKM_DSA_SHA224

>CKM_DSA_SHA256

>CKM_RSA_X9_31

>CKM_DSA_SHA3_224

>CKM_DSA_SHA3_256

>CKM_DSA_SHA3_384

>CKM_DSA_SHA3_512

>CKM_SHA224_RSA_X9_31

>CKM_SHA256_RSA_X9_31

>CKM_SHA384_RSA_X9_31

>CKM_SHA512_RSA_X9_31

Do Not Update Directly From Luna HSM Firmware 7.7.2

Luna HSM Firmware 7.7.2 must not be updated directly to Luna HSM Firmware 7.8.4 or newer, or unexpected problems may occur. If you are updating from Luna HSM Firmware 7.7.2, you must first install one of the following firmware versions:

>Luna HSM Firmware 7.8.1

>Luna HSM Firmware 7.8.2 (included with Luna Appliance Software 7.8.3)

Performance Issue With REST API and CCC Requires Patch

With Luna HSM Firmware 7.8.4 and newer, using REST API calls to administer partitions can significantly reduce the performance of cryptographic operations over time. This issue can also affect customers using Crypto Command Center (CCC). It requires a patch to the Luna REST API. Install the correct patch for your appliance software version:

>Luna Network HSM 7.8.5-20 Appliance REST API Patch

>Luna Network HSM 7.8.4-350 Appliance REST API Patch

Luna HSM Firmware 7.8.4 or Newer Requires Luna HSM Client 10.3.0 or Newer

Changes in Luna HSM Firmware 7.8.4 and newer require an update to Luna HSM Client 10.3.0 or newer. Thales recommends that you update your client software before updating your HSM firmware. As usual, the newer client can work with older firmware.

One-Step NTLS Connections Require Update to Luna HSM Client 10.7.0 Components

Luna HSM Firmware 7.9.3 and newer includes changes that require an update to the pscp and plink utilities. If you plan to use the One-Step NTLS Connection Procedure to establish client connections to your appliance, either update the client software to Luna HSM Client 10.7.0 or newer, or replace the pscp and plink utilities in your older client installation with the versions included with Luna HSM Client 10.7.0 or newer.

STC Connections Require Update to Luna HSM Client 10.7.0 or Newer

Luna HSM Firmware 7.9.3 and newer includes changes that require an update to the client software for some functions. If you are using Secure Trusted Channel connections to access your partitions, update your client software to Luna HSM Client 10.7.0 or newer before updating to Luna HSM Firmware 7.9.3 or newer.

FIPS Changes in Luna HSM Firmware 7.8.4 and Newer

New restrictions have been added to some mechanisms when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0), to comply with NIST's planned withdrawal of FIPS SP800-67 Rev2 on January 1, 2024.

Mechanisms not permitted to encrypt objects in FIPS mode

The following mechanisms are not permitted to encrypt objects in FIPS mode:

>CKM_DES_CFB8

>CKM_DES_CFB64

>CKM_DES_OFB64

>CKM_DES3_CBC

>CKM_DES3_CBC_PAD

>CKM_DES3_CTR

>CKM_DES3_ECB

Mechanisms no longer available in FIPS approved configuration

The following encryption mechanisms are no longer available in FIPS approved configuration:

>CKM_DES3_CBC_ENCRYPT_DATA

>CKM_DES3_ECB_ENCRYPT_DATA

DES3 encryption not permitted using ECIES mechanisms

The following DES3 encryption mechanisms are now blocked when used within ECIES:

>CKM_DES_CFB8

>CKM_DES_CFB64

>CKM_DES_OFB64

>CKM_DES3_CBC

>CKM_DES3_CBC_PAD

>CKM_DES3_CBC_PAD_IPSEC

>CKM_DES3_CMAC

>CKM_DES3_CMAC_GENERAL

>CKM_DES3_CTR

>CKM_DES3_ECB

HMAC mechanisms not permitted to sign using DES3 keys

The following HMAC mechanisms are blocked from using a DES3 key for signing:

>CKM_SHA_1_HMAC

>CKM_SHA_1_HMAC_GENERAL

>CKM_SHA224_HMAC

>CKM_SHA224_HMAC_GENERAL

>CKM_SHA256_HMAC

>CKM_SHA256_HMAC_GENERAL

>CKM_SHA384_HMAC

>CKM_SHA384_HMAC_GENERAL

>CKM_SHA512_HMAC

>CKM_SHA512_HMAC_GENERAL

>CKM_SHA3_224_HMAC

>CKM_SHA3_224_HMAC_GENERAL

>CKM_SHA3_256_HMAC

>CKM_SHA3_256_HMAC_GENERAL

>CKM_SHA3_384_HMAC

>CKM_SHA3_384_HMAC_GENERAL

>CKM_SHA3_512_HMAC

>CKM_SHA3_512_HMAC_GENERAL

Mechanisms not permitted to sign objects

The following mechanisms are not permitted to sign objects:

>CKM_DES3_CMAC

>CKM_DES3_CMAC_GENERAL

CKM_RSA_PKCS not permitted to decrypt/unwrap objects

To comply with FIPS 140-3 requirements, RSA-based key transport schemes that use only PKCS#1-v1.5 padding are disallowed. Therefore, CKM_RSA_PKCS is now restricted from performing decrypt/unwrap operations.

NOTE   When the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0), CKM_RSA_PKCS is disabled even if partition policy 33: Allow RSA PKCS mechanism is set to 1.

3DES usage counter has been removed

The 3DES usage counter attribute (CKA_BYTES_REMAINING) has been removed in Luna HSM Firmware 7.8.4 and newer, to comply with FIPS 140-3 requirements. This attribute is now ignored on any keys where it is already set.

FIPS Changes in Luna HSM Firmware 7.8.0 and Newer

The following mechanism is now restricted from use when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0):

>CKM_X9_42_DH_PARAMETER_GEN

FIPS Changes in Luna HSM Firmware 7.7.2 and Newer

The following mechanisms have new operation restrictions when the HSM or partition is in FIPS approved configuration (HSM policy 12: Allow non-FIPS algorithms or partition policy 43: Allow non-FIPS algorithms set to OFF/0):

>CKM_RSA_PKCS: cannot encrypt | cannot legacy decrypt | cannot legacy unwrap

>CKM_RSA_PKCS_OAEP: cannot legacy decrypt | cannot legacy unwrap

NOTE   This page lists FIPS-related changes made since the last FIPS-validated firmware release. For a comprehensive list of changes across all released versions of the Luna HSM firmware, see Changes to Mechanisms and Operations in FIPS 140 Approved Configuration by Firmware Version. Refer to this section if you are updating from a firmware version that is older than the last FIPS-validated version.

Minimum Password Length is Increased to 8 Characters

Luna HSM Firmware 7.7.2 and newer enforces minimum 8-character passwords and challenge secrets, to comply with FIPS requirements. The previous limit was 7 characters. If you were using a 7-character password prior to upgrading the firmware, that password continues to work. Future password changes will use the new 8-character minimum.

If you have an existing HA group whose member partitions use a 7-character password/challenge secret, you must change all members to use a minimum 8-character password before adding a new member that uses Luna HSM Firmware 7.7.2 or newer.

Partition policy to control the use of DigestKey is added

Partition capability/policy 9: Allow DigestKey is added with Luna HSM Firmware 7.8.0; it controls whether final keys can be derived outside of the HSM. The policy defaults to OFF, which is the more secure option. Previously, DigestKey was always allowed; this new policy provides a choice for those who do not need the option, as well as for those who do need it.

NOTE   Partition Policy 9 is destructive when switched OFF-to-ON, so have any partition contents backed up before you update HSM firmware. After update from any firmware prior to version 7.8.0, if you require this ability, you can switch the policy ON and then restore your material to the partition and resume using your application.

RSA Keygen Mechanism Remapping on Luna 7.7.1 or Newer Partitions Requires Minimum Luna HSM Client 10.4.0

Luna HSM Firmware 7.7.1 or newer partitions that have been individually set to FIPS mode using the new partition policy 43 require Luna HSM Client 10.4.0 or newer to automatically remap older RSA mechanisms as described in RSA Mechanism Remap for FIPS Compliance.

Special Considerations for Luna HSM Firmware 7.7.0 and Newer

Luna HSM Firmware 7.7.0 introduces new capabilities, features, and other significant changes that affect the operation of the HSM. Due to some of these changes, you must be aware of some special considerations before updating to Luna HSM Firmware 7.7.0 or newer. For more information, refer to Special Considerations for Luna HSM Firmware 7.7.0 and Newer before proceeding with the update.

3DES Usage Counter

For Luna HSM Firmware 7.7.0 and newer, triple-DES keys have a usage counter that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms is set to 0). When the counter runs out for a key instance, that key instance can no longer be used for encrypting, wrapping, deriving, or signing, but can still be used for decrypting, unwrapping, and verifying pre-existing objects.

The CKA_BYTES_REMAINING attribute is available when HSM policy 12: Allow non-FIPS algorithms is set to 0, but cannot be viewed if that policy is set to 1.

The attribute is preserved during backup/restore using a Luna Backup HSM 7; restoring puts the counter back to whatever value it had before backup.

The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring sets the counter to like-new state (no usage).