TOKEN Menu Functions

The TOKEN menu provides the following functions:

(1) Open Session

Before you can manipulate objects or perform cryptographic operations on a token, you must have an open session on that token. This command prompts you for the number of the slot on which to open the new session. By default, an exclusive Read/Write session is opened. To open a read-only or non-exclusive session instead, use the (98) Options function and specify that you want to be prompted for session types.

(2) Close Session

Once you are finished using a session, the session should be closed. The (2) Close Session function allows you to close a single session, or to close all the sessions on a specific token.

(3) Login

Once a session is opened, you usually log in to the token. You can log in as one of the following roles:

> Partition SO (PO) - initialize other roles and do partition administration operations, unblock blocked PKA keys

>Crypto Officer (CO) - created by SO, can perform crypto operations including creating/deleting/backing up keys

>Limited Crypto Officer (LCO) - created by CO, can generate/delete keys, SIMExtract/SIMInsert, derive and wrap/unwrap (part of Per Key Authorization), cannot unblock

>Crypto User (CU) - created by CO, read-only crypto operations

(4) Logout

When you are finished with the token, you should first log out, then close the session.
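Items (1) to (4) above form one procedure, so here is an added example (not ckdemo's own code) that models the PKCS#11 session and login state those menu items drive, using the standard PKCS#11 constants and rules. It assumes only the two standard user types (CKU_SO for the Partition SO, CKU_USER for the Crypto Officer); the Luna-specific LCO and CU user types are not modelled, and the in-memory Token class stands in for the real library so the script runs offline.

```python
# Added example (not ckdemo's own code): a model of the PKCS#11 session
# lifecycle behind TOKEN items (1) Open Session, (3) Login, (4) Logout and
# (2) Close Session. An in-memory Token replaces the real library so it runs
# offline; only CKU_SO (Partition SO) and CKU_USER (Crypto Officer) appear.
CKF_RW_SESSION, CKF_SERIAL_SESSION = 0x2, 0x4           # session flags
CKU_SO, CKU_USER = 0, 1                                  # user types
CKS_RO_PUBLIC_SESSION, CKS_RO_USER_FUNCTIONS = 0, 1      # session states
CKS_RW_PUBLIC_SESSION, CKS_RW_USER_FUNCTIONS, CKS_RW_SO_FUNCTIONS = 2, 3, 4
CKR_OK, CKR_SESSION_READ_ONLY_EXISTS, CKR_SESSION_READ_WRITE_SO_EXISTS = 0, 0xB7, 0xB8
CKR_USER_ALREADY_LOGGED_IN, CKR_USER_NOT_LOGGED_IN = 0x100, 0x101

class Token:
    """Login state is per token and shared by all of the application's sessions."""
    def __init__(self):
        self.sessions = {}      # handle -> flags passed to Open Session
        self.logged_in = None   # None, CKU_SO or CKU_USER

    def open_session(self, flags=CKF_RW_SESSION | CKF_SERIAL_SESSION):
        # PKCS#11 refuses a read-only session while the SO is logged in.
        if not flags & CKF_RW_SESSION and self.logged_in == CKU_SO:
            return CKR_SESSION_READ_WRITE_SO_EXISTS, None
        handle = max(self.sessions, default=0) + 1
        self.sessions[handle] = flags
        return CKR_OK, handle

    def login(self, handle, user):
        if self.logged_in is not None:
            return CKR_USER_ALREADY_LOGGED_IN
        if user == CKU_SO and any(not f & CKF_RW_SESSION for f in self.sessions.values()):
            return CKR_SESSION_READ_ONLY_EXISTS    # the SO needs every session R/W
        self.logged_in = user                       # applies to every open session
        return CKR_OK

    def logout(self, handle):
        if self.logged_in is None:
            return CKR_USER_NOT_LOGGED_IN
        self.logged_in = None                       # logs out every session too
        return CKR_OK

    def close_session(self, handle):
        del self.sessions[handle]
        if not self.sessions:                       # last session closed: logged out
            self.logged_in = None

    def session_info(self, handle):
        """What (13) Session Info reports for a handle: (state, flags)."""
        rw = bool(self.sessions[handle] & CKF_RW_SESSION)
        base = CKS_RO_USER_FUNCTIONS if self.logged_in == CKU_USER else CKS_RO_PUBLIC_SESSION
        return (CKS_RW_SO_FUNCTIONS if self.logged_in == CKU_SO else base + 2 * rw), self.sessions[handle]
```

The point worth checking against a real token is that a login or logout through one session changes the state every other session reports, which is why the page tells you to log out before closing.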

(5) Change PIN

(Not for Luna Network HSM 7) This option lets you change the logon password (the PIN) of the currently logged in user. You must supply both the old PIN and the new PIN to complete the operation.

(6) Init Token

(Not for Luna Network HSM 7) This option allows you to reset a token to its initial state. You are prompted for the following:

>The slot containing the token to be initialized

>The token label (which is simply a text string that you can use for Token Identification)

>A new password for the Partition SO

Token initialization performs the following actions:

>Wipes out any token objects (Keys, certificates, etc)

>Clears the user PIN (so that it must be reset by the Partition SO)

>Sets the SO PIN to the value that you have specified

(7) Init PIN

(Not for Luna Network HSM 7) This command creates a user (overwriting any existing user) and is run while you are logged in as the Partition SO.

(8) Mechanism List

This option gives a list of all the encryption/authentication/hashing/key-generation mechanisms supported by the token. If you want to know if the token supports a specific type of encryption, you can check for it in the mechanism list.

(9) Mechanism Info

This option allows you to query a specific mechanism to find such information as supported key sizes. You are asked for the Mechanism type, which is a numeric value representing the mechanism (these numeric values are given when you request a mechanism list).

(10) Get Info

This option returns basic information on the Dynamic Library that is being used to talk to the token. None of this information is token specific, and it can be viewed even if there is no token present.

(11) Slot Info

This option gives specific information on a card slot. The slot description and slot ID are given, as well as some flags to represent if a token is present.

(12) Token Info

This option gives information on a token in a specific slot, including the following:

>Token Label

>Token Manufacturer

>Token Model

>Token Flags

> Session Count

>Min and Max PIN Lengths

>Private memory size/free

>Public memory size/free

(13) Session Info

This option gives information on an open session. You must have at least one session opened to query session information. For a particular session you can find the session handle, the slot ID, the session state, and any associated session flags.

(14) Get Slot List

This option returns a list of card slots available on the system. You are given the option to view all slots, or just the slots which contain tokens.

(15) Wait for Slot Event

Runs CK_WaitforSlotEvent (from PKCS#11 Extensions).

(18) Factory Reset

This option resets the HSM to its factory settings.

(19) Clone MofN

(Not for Luna Network HSM 7) Copy a clonable secret-splitting vector from one token to another.

(33) Token Insert

(For Luna USB HSM 7) This option signals the HSM or local workstation that a token will be inserted. Insert the token to begin performing operations with it.

(34) Token Delete

(For Luna USB HSM 7) This option deletes the token in a specific slot.

(36) Show Roles

This option lists the roles currently configured on the token in a specific slot.

(37) Show Role Configuration Policies

This option lists the role configuration policies currently in effect for the named role on the token in a specific slot.

(38) Show Role State

This option shows the state of the named role. Information given includes:

>Primary authentication type

>Secondary authentication type

>Failed login attempts before lockout

>Failed change password attempts before lockout (only shown when using Luna Appliance Software 7.7.0 and newer, Luna HSM Firmware 7.7.0 and newer, and Luna HSM Client 10.3.0 and newer)

>Init status

(39) Get OUID

This option retrieves the OUID (Object Unique Identifier) of a token in a specific slot.

(58) HSM Zeroize

This option zeroizes the HSM, removing all partitions and keys. HSM zeroization does not destroy the RPV or Auditor role.

(59) Token Zeroize

This option zeroizes the token in a specific slot, removing all keys and objects.