role recoveryinit
Initialize the current role for Recovery Login by creating an HA RSA key pair.
See also CKDemo HIGH AVAILABILITY RECOVERY Menu Functions.
NOTE Labels are required only to create a RecoveryLogin RSA key pair, which is the default action if [keyhandle] is not supplied.
If an allowed user role name is not specified and Partition is version zero (v0), then HA Login v 1.1 is set up, otherwise HA Login version 2.0 is set up.
NOTE This command is not applicable on DPoD Luna Cloud HSM services.
Syntax
role recoveryinit [-revoke] [-plabel <string>] [-rlabel <string>] [-keyhandle <number>] [-publicKeyCertificate <number>] [-name <string>[,<string>]] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -revoke | -r | Revoke recovery credential. |
| -plabel <string> | -pl | RSA Public key label. |
| -rlabel <string> | -rl | RSA Private key label. |
| -keyhandle <number> | -kh | RSA Private key handle (optional). |
| -publicKeyCertificate <number> | -pkc | [Slot#] containing RSA private key handle against which to generate PKC. Current slot or given slot#. |
| -name <name string> | -n | User's role name allowed to log in the secondary Token). |
| -force | -f | Force action (useful for scripting). |
Example
lunacm:>role recoveryinit -plabel SOpub -rlabel SOpriv
Generating RSA Key pair for Recovery Init...
'SO' in slot 103 has been Recovery Initialized
with key handle 37.
Command Result : No Error
