srk enable

Enable external tamper keys. This command enables the use of external split(s) of the SRV (secure recovery vector) on purple PED keys (SRK). The external split is brought from the HSM to a purple key, and erased from the HSM, leaving only one split on the HSM. When SRK is enabled:

- Secure Transport Mode can be set.

- Any tamper event that is detected by the HSM stops the HSM until you restart and perform "srk recover". The "srk recover" operation makes the externally provided split (from the purple key) available to combine with the internal split, allowing the MTK to be recreated. The MTK is destroyed by a tamper (or by setting STM), and cannot be recreated until both splits are available (if SRK is enabled).

The Backup HSM SO must be logged in to the HSM to issue this command.

The PED must be connected, and you must present "new" purple PED keys when prompted. "New", in this case, means a purple PED key that is literally new, or a PED key that has been used for another purpose, as long as it does not contain the current valid external SRK split before the new generating operation. For safety reasons, the HSM and Luna PED detect and refuse to overwrite the current purple PED key(s).

The srk commands apply to the Luna Backup HSM G5 only.
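
The split-and-recover behaviour described above, as a conceptual Python model added here; it is not vendor code and does not describe the HSM firmware. The XOR split, the SHA-256 derivations, the integrity check value and all class and method names are assumptions made for illustration.

```python
import hashlib
import secrets

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _h(label, srv):
    return hashlib.sha256(label + srv).digest()

class BackupHsmModel:
    """Toy model of the SRV splits and the MTK (assumed scheme, see lead-in)."""

    def __init__(self):
        srv = secrets.token_bytes(32)              # secure recovery vector
        self.ext_split = secrets.token_bytes(32)   # external split, still inside the HSM
        self.int_split = _xor(srv, self.ext_split) # internal split, never leaves
        self.srv_check = _h(b"check", srv)         # assumed value used to reject wrong keys
        self.mtk = _h(b"mtk", srv)

    @property
    def halted(self):
        return self.mtk is None

    def srk_enable(self):
        """Move the external split to a purple key (the return value) and erase it."""
        if self.ext_split is None:
            raise RuntimeError("SRK is already enabled")
        purple_key, self.ext_split = self.ext_split, None
        return purple_key

    def tamper(self):
        """A tamper event (or setting STM) destroys the MTK."""
        self.mtk = None

    def srk_recover(self, purple_key=None):
        """Recombine both splits; with SRK enabled the purple key must be presented."""
        external = purple_key if purple_key is not None else self.ext_split
        if external is None:
            raise PermissionError("external split required: present the purple PED key")
        srv = _xor(self.int_split, external)
        if _h(b"check", srv) != self.srv_check:
            raise ValueError("presented key does not hold the current external split")
        self.mtk = _h(b"mtk", srv)
        return self.mtk
```

In this model, a tampered HSM with SRK enabled stays halted until `srk_recover` is given the split returned by `srk_enable`; the internal split alone is not enough to rebuild the MTK.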

Syntax

srk enable

Example

lunacm:> srk enable

        Secure Transport functionality was successfully enabled.

Command Result : No Error