Managing Luna HSM Keys

This section describes how to manage Luna HSM keys on CCKM. Before proceeding, you must have a Luna HSM partition added to the CCKM. Refer to Managing Luna HSM Partitions for details.

Adding Luna HSM Keys

To add a Luna HSM key:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.

3. Click Add Key. The Add Luna Key dialog box is displayed.

Add Luna Key

1. Select the Partition ID of the desired Luna HSM.

2. Specify a Key Label. This helps in uniquely identifying a key.

3. Select the key Mechanism. The supported key mechanisms are:

   • CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN

   • CKM_RSA_X9_31_KEY_PAIR_GEN

   • CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN

   • CKM_RSA_PKCS_KEY_PAIR_GEN

4. Select the Key Size. The supported sizes are 2048, 3072, and 4096.

5. Select the Key Attributes. The options are:

   • Modifiable, Extractable, Sensitive (select all three for an Azure BYOK Compatible key)

   • Encrypt, Decrypt, Wrap, Unwrap

   • Sign, Verify, Derive

6. Click Next.

Review And Add Key

This screen shows the key details that you have provided. Before adding the key, review all details. After the key is added, certain features will no longer be editable.

1. Review the key details displayed on the screen.

   If details are incorrect or you want to make any changes, click Edit next to the LUNA HSM KEY section and update details. Alternatively, click Back and make changes, as appropriate.

2. Click Add Key.

   The key creation starts. A Create Key In Progress message is displayed on the screen. Leave the window open until the process is completed.

   When the Key ID link is displayed, the key is created successfully.

3. Click OK. The Add Luna Key wizard is closed.

The newly created key is displayed in the list of Luna keys.

Viewing Luna HSM Keys

The Luna Keys page displays the available Luna HSM keys. Search for Luna HSM keys by Key ID, Label, or Partition Label.

To view a Luna HSM key:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The Luna Keys page displays following details:

   Field	Description
   Key ID	Unique ID of the Luna HSM key. Click to view details and edit keys. Refer to Viewing or Editing Luna HSM Keys for details.
   Label	Label of the Luna HSM key.
   Status	Status of the Luna HSM key. The status can be: • Available • In Progress • Deleted • Failed
   Class	Class of the Luna HSM key. The class can be: • Private Key • Public Key
   Type	Type of the Luna HSM key - RSA.
   Size	Size of the Luna HSM key. The size can be: • 2048 • 3072 • 4096
   Detection Date	Time when the key is added to CCKM.
   Partition Label	Label of the Luna HSM partition where the key is created.
   Synced	Whether the key is synchronized (). For keys that are not synced, is displayed.

To hide/display columns, click the Customize View () icon, select or clear the desired check boxes, and click OK.

Viewing or Editing Luna HSM Keys

The Luna Keys page displays the list of available keys with their details. After a key is created, you can change its attributes. However, the key mechanism and size cannot be modified.

To edit a Luna HSM key:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.

3. Click the Key ID link of the desired key. The edit view of the Luna Keys page is displayed. The mini detail view displays the key details, including a link to its private/public key.

   Alternatively, click the overflow icon () corresponding to the desired key and click View/Edit.

4. Under the GENERAL INFO section, modify the desired Key Attributes.

5. Click Update.

The message Updating Key is in progress is displayed. It may take some time to reflect the changes.

Refreshing Luna HSM Keys

Refreshing is the process of downloading keys from configured Luna HSM partitions and updating their details on the CCKM GUI. You can refresh keys of all partitions at once.

To refresh keys of all partitions:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.

3. Click Refresh All. The This may take a while... message is displayed.

   Note

   Refreshing all Luna HSM Partitions is a time intensive operation that could take several hours or days to complete. It will continue running in the background.

4. Click Refresh All to continue.

A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.

The refreshed keys are listed on the Cloud Keys > Luna > Luna Keys page.

Syncing Luna HSM Keys

Syncing is the process of synchronizing a key in all Luna HSM partitions. After successful sync, all the partitions have the synced Luna HSM key. Syncing is useful for Luna HSM partitions in the HA mode.

To sync individual keys in all partitions:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.

3. Click the overflow icon () corresponding to the desired key and click Sync.

A message Sync started... is displayed on the screen. If you want to cancel the sync, click Cancel Sync.

The synced key is listed on the Cloud Keys > Luna > Luna Keys page. The synced key will be visible under all the partitions.

Deleting Luna HSM Keys

To delete a Luna HSM key:

1. Open the Cloud Key Manager application.

2. In the left pane, click Cloud Keys > Luna. The list of available Luna HSM keys is displayed.

3. Click the overflow icon () corresponding to the desired key.

4. Click Delete. The Delete Key dialog box is displayed.

5. Select I wish to delete this key.

6. Click Delete.

A success message Delete is in progress is displayed. It may take some time to reflect the changes. After a key is deleted, its status becomes Deleted on the Luna Keys page.