About Key Cloning and Key Wrapping

When the service provider created your partition, it was configured to allow either private key cloning or private key wrapping. To ensure the security of your keys, these two policies are mutually exclusive. The Partition Security Officer can enable or disable the capability that was set at creation, but cannot configure the other policy.

Private key cloning allows you to migrate private keys to and from an on-premises Luna HSM version 6.x, 7.x, or a Luna Backup HSM G5, as described in Key Migration. You can always clone public keys and secret keys, regardless of this setting.

Private key wrapping allows you to encrypt private keys and export them to a file for off-board storage or use, outside of an HSM.

To disable private key wrapping

1. Launch LunaCM and log in to the partition as Partition SO.

lunacm:>slot set -slot <slotnum>

lunacm:>role login -name po

2. Set partition policy 1: Allow private key wrapping to 0 (OFF).

lunacm:>partition changepolicy -policy 1 -value 0

To disable private key cloning

1. Log in to the partition as Partition SO.

lunacm:>slot set -slot <slotnum>

lunacm:>role login -name po

2. Set partition policy 0: Allow private key cloning to 0 (OFF).

lunacm:>partition changepolicy -policy 0 -value 0