Key Cloning

You can clone key material between partitions to back up the keys, or to migrate the keys from one HSM to another. The rules, prerequisites, and procedures for migrating your key material are described in the following topics:

>Domain Planning

>Cloning Objects to Another Application Partition

>Cloning Keys Between Luna 6, Luna 7, and HSM on Demand

Overview and Key Concepts

A Crypto Officer can clone the cryptographic objects (keys) from one user partition to another user partition provided that:

>The user partitions share the same domain. See Domain Planning.

>The user partitions use the same authentication method (PED or password).

>The CO has the required credentials on both user partitions.

>The capabilities and policies set on the source and target HSM and user partitions allow cloning. See HSM Capabilities and Policies and Partition Capabilities and Policies.