Managing Luna HSM Keys
This section describes how to manage Luna HSM keys on CCKM. Before proceeding, you must have a Luna HSM partition added to the CCKM. Refer to Managing Luna HSM Partitions for details.
Adding Luna HSM Keys
To add a Luna HSM key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.
Click Add Key. The Add Luna Key dialog box is displayed.
Select the Partition ID of the desired Luna HSM.
Specify a Key Label. This helps in uniquely identifying a key.
Select the key Mechanism. The supported key mechanisms are:
CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN
CKM_RSA_X9_31_KEY_PAIR_GEN
CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN
CKM_RSA_PKCS_KEY_PAIR_GEN
Select the Key Size. The supported sizes are 2048, 3072, and 4096.
Select the Key Attributes. The options are:
Modifiable, Extractable, Sensitive (select all three for an Azure BYOK Compatible key)
Encrypt, Decrypt, Wrap, Unwrap
Sign, Verify, Derive
Click Save.
The message Create Key is in progress is displayed. It may take some time to create the key. A success message Key created successfully is displayed. The newly created public and private key pair is displayed in the keys list.
Note
Creation of a Luna HSM key fails if the selected Luna HSM partition is full. If the key creation fails, ensure enough free disk space is available on the partition and retry the key creation.
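The options in the Add Luna Key dialog correspond to PKCS#11 mechanism and attribute names. The following added example (not CCKM code and not part of the original documentation) checks a planned key request against the values listed above and shows how the selected attributes would land on the public and private halves of the pair. The function name plan_key_pair and the public/private split are assumptions based on the PKCS#11 object model, not documented CCKM behaviour.

```python
# Added example: the supported values are copied from the dialog options on this page.
SUPPORTED_MECHANISMS = {
    "CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN",
    "CKM_RSA_X9_31_KEY_PAIR_GEN",
    "CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN",
    "CKM_RSA_PKCS_KEY_PAIR_GEN",
}
SUPPORTED_SIZES = {2048, 3072, 4096}
# GUI attribute -> (PKCS#11 attribute, half of the key pair that carries it).
# Assumption: the split follows the PKCS#11 object model; CCKM may differ.
ATTRIBUTE_MAP = {
    "Modifiable": ("CKA_MODIFIABLE", "both"),
    "Extractable": ("CKA_EXTRACTABLE", "private"),
    "Sensitive": ("CKA_SENSITIVE", "private"),
    "Encrypt": ("CKA_ENCRYPT", "public"),
    "Decrypt": ("CKA_DECRYPT", "private"),
    "Wrap": ("CKA_WRAP", "public"),
    "Unwrap": ("CKA_UNWRAP", "private"),
    "Sign": ("CKA_SIGN", "private"),
    "Verify": ("CKA_VERIFY", "public"),
    "Derive": ("CKA_DERIVE", "both"),
}
AZURE_BYOK_REQUIRED = {"Modifiable", "Extractable", "Sensitive"}

def plan_key_pair(label, mechanism, size, selected):
    """Validate a request; return (public_template, private_template, byok_ok)."""
    if mechanism not in SUPPORTED_MECHANISMS:
        raise ValueError(f"unsupported mechanism: {mechanism}")
    if size not in SUPPORTED_SIZES:
        raise ValueError(f"unsupported key size: {size}")
    unknown = set(selected) - ATTRIBUTE_MAP.keys()
    if unknown:
        raise ValueError(f"unknown attributes: {sorted(unknown)}")
    public = {"CKA_LABEL": label, "CKA_MODULUS_BITS": size}
    private = {"CKA_LABEL": label}
    for name, (cka, side) in ATTRIBUTE_MAP.items():
        value = name in selected
        if side in ("public", "both"):
            public[cka] = value
        if side in ("private", "both"):
            private[cka] = value
    # Azure BYOK compatibility needs all three of Modifiable/Extractable/Sensitive.
    return public, private, AZURE_BYOK_REQUIRED <= set(selected)

if __name__ == "__main__":
    # Constructed sample request; the label is a placeholder.
    pub, priv, byok = plan_key_pair("byok-demo", "CKM_RSA_PKCS_KEY_PAIR_GEN", 3072,
                                    {"Modifiable", "Extractable", "Sensitive", "Wrap", "Unwrap"})
    print("public:", pub, "\nprivate:", priv, "\nAzure BYOK compatible:", byok)
```

Reviewing the private template before saving shows which usages the private key will permit; Extractable on the private key is what allows it to be wrapped out of the partition.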
Viewing Luna HSM Keys
The Luna Keys page displays the available Luna HSM keys. Search for Luna HSM keys by Key ID, Label, or Partition Label.
To view a Luna HSM key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The Luna Keys page displays the following details:
Field: Description
Key ID: Unique ID of the Luna HSM key. Click to view details and edit keys. Refer to Viewing or Editing Luna HSM Keys for details.
Label: Label of the Luna HSM key.
Status: Status of the Luna HSM key. The status can be:
• Available
• In Progress
• Deleted
• Failed
Class: Class of the Luna HSM key. The class can be:
• Private Key
• Public Key
Type: Type of the Luna HSM key - RSA.
Size: Size of the Luna HSM key. The size can be:
• 2048
• 3072
• 4096
Detection Date: Time when the key is added to CCKM.
Partition Label: Label of the Luna HSM partition where the key is created.
Synced: Whether the key is synchronized (). For keys that are not synced, is displayed.
To hide/display columns, click the Customize View icon, select or clear the desired check boxes, and click OK.
Viewing or Editing Luna HSM Keys
The Luna Keys page displays the list of available keys with their details. After a key is created, you can change its attributes. However, the key mechanism and size cannot be modified.
To edit a Luna HSM key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.
Click the Key ID link of the desired key. The edit view of the Luna Keys page is displayed. The mini detail view displays the key details, including a link to its private/public key.
Alternatively, click the overflow icon corresponding to the desired key and click View/Edit.
Under the GENERAL INFO section, modify the desired Key Attributes.
Click Update.
The message Updating Key is in progress is displayed. It may take some time to reflect the changes.
Refreshing Luna HSM Keys
Refreshing is the process of downloading keys from configured Luna HSM partitions and updating their details on the CCKM GUI. You can refresh keys of all partitions at once.
To refresh keys of all partitions:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.
Click Refresh All. The message This may take a while... is displayed.
Note
Refreshing all Luna HSM partitions is a time-intensive operation that could take several hours or days to complete. It will continue running in the background.
Click Refresh All to continue.
A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed keys are listed on the Cloud Keys > Luna > Luna Keys page.
Syncing Luna HSM Keys
Syncing is the process of synchronizing a key in all Luna HSM partitions. After successful sync, all the partitions have the synced Luna HSM key. Syncing is useful for Luna HSM partitions in the High Availability (HA) mode.
To sync individual keys in all partitions:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.
Click the overflow icon corresponding to the desired key and click Sync.
A message Sync started... is displayed on the screen. If you want to cancel the sync, click Cancel Sync.
The synced key is listed on the Cloud Keys > Luna > Luna Keys page. The synced key will be visible under all the partitions.
Deleting Luna HSM Keys
To delete a Luna HSM key:
Open the Cloud Key Manager application.
In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.
Click the overflow icon corresponding to the desired key.
Click Delete. The Delete Key dialog box is displayed.
Select I wish to delete this key.
Click Delete.
A success message Delete is in progress is displayed. It may take some time to reflect the changes. After a key is deleted, its status becomes Deleted on the Luna Keys page.