If you insert a backup token that has previously been used on a Password Authenticated Luna SA into a PED Authenticated Luna SA, and attempt to initialize it, the system presents an error like:
[mylunasa] lunash:>token backup init -label mylunatoken -serial 1234567 -force
Warning: This token is not in the factory reset (zeroized) state.
You must present the current Token Admin login credentials
to clear the backup token's contents.
Luna PED operation required to initialize backup token - use
Security Officer (b
lue) PED key.
Error: 'token init' failed. (300130 : LUNA_RET_INVALID_ENTRY_TYPE)
Command Result : 65535 (Luna Shell execution)
[mylunasa] lunash:>
This is a security feature, intended to prevent backup of PED-secured HSM objects onto a less secure Password Authenticated token.
To work around this problem, issue "token factoryReset" first , and then initialize the token:
[mylunasa] lunash:>token backup factoryReset -serial 1234567
CAUTION: Are you sure you wish to reset this backup token to
factory default settings? All data will be erased.
Type 'proceed' to return the token to factory default, or
'quit' to quit now.
> proceed
token factoryReset' successful.
Command Result : 0 (Success)
[mylunasa] lunash:>token backup init -label mylunatoken -serial 1234567 -force
Luna PED operation required to initialize backup token - use
Security Officer (blue) PED key.
Luna PED operation required to login to backup token - use
Security Officer (blue) PED key.
Luna PED operation required to generate cloning domain on
backup token - use Domain (red) PED key.
'token init' successful.
Command Result : 0 (Success)
[mylunasa] lunash:>
Comparison Summary
View a table that compares and contrasts various "deny access" events or actions that are sometimes confused. "Destroy" action/event scenarios (Right-click the link if you prefer that it not open in a new window.)