hsm setLegacyDomain

Set the legacy (Luna 4.x) cloning domain on a Luna 7 HSM for the purposes of key migration:

> For password-authenticated HSMs, this is the text string that was used as a cloning domain on the legacy token HSM whose contents are to be migrated to the Luna Network HSM.

> For multifactor quorum-authenticated HSMs, this is the cloning domain secret on the red Luna PED key for the legacy multifactor quorum-authenticated token HSM whose contents are to be migrated to the Luna Network HSM 7.

Your target Luna Network HSM 7 has, and retains, whatever modern HSM cloning domain was imprinted (on a red PED key) when the HSM was initialized. This command takes the domain value from your legacy HSM (the domain string, or the legacy red PED key) and associates it with the modern-format domain of the current HSM, so that the HSM can be the cloning (restore) recipient of objects from the legacy token HSM. The legacy domain associated with your Luna Network HSM 7 remains attached until the HSM is reinitialized.

Objects from legacy token/HSMs can only be migrated (restored) onto Luna HSMs configured to use their legacy domain. In other words, you cannot defeat the security provision that prevents cloning of objects across different domains.

You can now migrate objects between password-authenticated and multifactor quorum-authenticated HSMs by setting multiple cloning domains on a partition. See Enabling and Using Universal Cloning.

See Migrating Keys to Your New HSM for information on the possible combinations of source (legacy) tokens/HSMs and target (modern) HSMs and the disposition of token objects from one to the other.

User Privileges

Users with the following privileges can perform this command:

> Admin

Syntax

hsm setLegacyDomain [-domain <domain>]

Argument(s)        Shortcut   Description
-domain <domain>   -d         Specifies the legacy cloning domain name. This parameter is required on password-authenticated HSMs. It is ignored on multifactor quorum-authenticated HSMs, which retrieve the legacy domain from the red PED key.

Example

lunash:>hsm setLegacyDomain

Luna PED operation required to set legacy cloning domain - use Domain (red) PED Key.

The Luna PED prompts for the legacy red domain PED key (notice mention of "raw data" in the PED message).

Command result : 0 (Success)
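The following Python helper is an added illustration for migration runbooks; it is not part of the Thales documentation or of lunash itself. It assembles the command according to the rule in the argument table (the -domain argument is required on password-authenticated HSMs and ignored on multifactor quorum-authenticated HSMs), redacts the domain string when rendering the command for a log line so the cloning-domain secret of a password-authenticated HSM is not recorded in plaintext, and parses the trailing "Command result" line from a captured lunash transcript. The transcript below is a constructed sample modelled on the example above; the helper performs no connection to an HSM.

```python
import re
from typing import List, Optional, Tuple

# Matches the status line lunash prints after a command, e.g.
# "Command result : 0 (Success)"
RESULT_RE = re.compile(r"^Command result\s*:\s*(-?\d+)\s*\((.*?)\)", re.MULTILINE)


def build_command(auth_mode: str, domain: Optional[str] = None) -> List[str]:
    """Return the lunash argv for hsm setLegacyDomain.

    auth_mode is "password" or "ped" (multifactor quorum-authenticated).
    Per the argument table, -domain is required for password
    authentication and ignored for PED authentication, so a domain
    supplied for a PED-authenticated HSM is dropped rather than sent.
    """
    if auth_mode == "password":
        if not domain:
            raise ValueError("-domain is required on password-authenticated HSMs")
        return ["hsm", "setLegacyDomain", "-domain", domain]
    if auth_mode == "ped":
        return ["hsm", "setLegacyDomain"]
    raise ValueError(f"unknown auth_mode: {auth_mode!r}")


def redact(argv: List[str]) -> str:
    """Render argv for logging with the value after -domain/-d masked."""
    out: List[str] = []
    mask_next = False
    for tok in argv:
        if mask_next:
            out.append("<redacted>")
            mask_next = False
        else:
            out.append(tok)
            mask_next = tok in ("-domain", "-d")
    return " ".join(out)


def parse_result(transcript: str) -> Optional[Tuple[int, str]]:
    """Extract (code, text) from the 'Command result' line, or None if absent."""
    m = RESULT_RE.search(transcript)
    if m is None:
        return None
    return int(m.group(1)), m.group(2)


def needs_ped(transcript: str) -> bool:
    """True when lunash reported that a PED interaction was required."""
    return "Luna PED operation required" in transcript


# Constructed sample transcript, modelled on the example on this page.
SAMPLE_TRANSCRIPT = """lunash:>hsm setLegacyDomain

Luna PED operation required to set legacy cloning domain - use Domain (red) PED Key.

Command result : 0 (Success)
"""

if __name__ == "__main__":
    argv = build_command("password", "legacy-domain-string")  # constructed value
    print("would run:", redact(argv))
    print("PED required:", needs_ped(SAMPLE_TRANSCRIPT))
    print("result:", parse_result(SAMPLE_TRANSCRIPT))
```

A non-zero result code, or a missing result line, should be treated as a failed migration step and halted on; the redacted rendering is what belongs in the runbook log, never the raw argv.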