Initializing the Remote PED Vector (RPV) and Creating an Orange Remote PED Key (RPK)

The Remote PED (via PEDserver) authenticates itself to the SafeNet Luna PCIe HSM with a randomly-generated encrypted value stored on an orange PED key. That secret originates in an HSM, and can be carried to other HSMs via the orange key. An HSM being newly configured either

>generates its own RPV secret to imprint on an orange PED Key,

or

>accepts a pre-existing RPV from a previously imprinted orange key, at your discretion.

The orange key proves to the HSM that the Remote PED is authorized to provide authentication for HSM roles. A SafeNet Luna PCIe HSM administrator can create this key.

NOTE: Generally, the HSM SO creates an orange PED key (and backups), makes a copy for each valid Remote PED server, and distributes them to the Remote PED administrators.

If the HSM is already initialized, the HSM SO must log in to complete this procedure. You require:

>SafeNet Luna PED with firmware 2.7.1 or newer

>USB mini-B to USB-A connector cable

>Luna PED DC power supply (if included with your Luna PED)

>Blank or reusable orange PED key (or multiple keys, if you plan to make extra copies or use an M of N security scheme). See Creating PED Keys for more information.

To initialize the RPV and create the orange PED key locally

1. If you have not already done so, set up a Local PED connection (see Local PED Setup).

2. Launch LunaCM on the SafeNet Luna PCIe HSM host workstation.

3. If the HSM is initialized, log in as HSM SO (see Logging In as HSM Security Officer). If not, skip to the next step.

lunacm:> role login -name so

4. Ensure that you have the orange PED key(s) ready. Initialize the RPV.

lunacm:> ped vector init

5. Attend to the Luna PED and respond to the on-screen prompts. See Creating PED Keys for a full description of the key-creation process.

If you have an orange PED key with an existing RPV that you wish to use for this HSM, press Yes.

If you are creating a new RPV, press No.

Continue following the prompts for PED PIN, M of N, and duplication options.

To continue setting up a Remote PED server, see Installing PEDserver and Setting Up the Remote Luna PED.