Show the Table of Contents

Consolidate Multiple Luna CA4 Tokens

A Luna SA 5 HSM can have up to 20 partitions, with up to 10,000 objects total per Luna SA. Each partition can have its own domain as represented by the domain (red) PED Key.

Keys (objects) from multiple Luna CA4 tokens can be consolidated onto one Luna SA 5.x HSM, where objects from each Luna CA4 are restored onto their own partitions. Alternatively, multiple Luna CA4 tokens can be restored to the same partition if those Luna CA4 tokens share the same domain (red PED Key).

To consolidate multiple Luna CA4 tokens onto a single Luna SA 5 HSM:

1. Connect a Luna DOCK2 to the USB (front panel) connector of the Luna SA 5.
2. Connect a Luna PED 2 to the PED port of the Luna SA 5.
3. Connect a Luna PED 2 to the PED port on the Luna DOCK2.
4. Create a partition on Luna SA 5 HSM.
   lunash:>partition create -partition P9 -force
   Both user (black) and domain (red) PED Keys will be created for Luna SA 5 partition P9.   
5. Set legacy domain to associate the Luna CA4 red PED Key with the newly created partition.  lunash:>partition setLegacyDomain -partition P9   
   The Luna SA 5 partition P9 user PED Key (black) is required, as is the Luna CA4 domain PED Key (red).
6. Insert a Luna CA4 token and restore the contained key objects to a Luna SA 5 partition    lunash:>partition restore -partition P9 -tokenPar mytoken -serial 123456001 -replace -force   
   "mytoken" is the Luna CA4 partition name and "123456001" is the serial number of the token. The “-replace” option will overwrite the Luna SA 5 partition content with objects from the Luna CA4 token. Use the “-add” option if you want to append the Luna CA4 objects to the partition.    
7. Repeat the above steps to restore objects from other Luna CA4 tokens.

Show the Table of Contents