What is a duplicate PED Key?
When you have imprinted any PED Key (having set its parameters: is it re-used, does it have an optional PED PIN, is the secret split into N parts), you are then prompted:
If you answer YES:
- this invokes duplication of the PED Key (any number of copies), so that all duplicates are interchangeable (backups)
- you can now use the original or any of the duplicates to access this HSM or Partition (blue or black keys, respectively), and distribute the others to other personnel or to secure storage
- you should decide how many backup PED Keys are required by your organizational security policies
If you answer NO:
- you are indicating that no duplicates/backups are necessary
- if you eventually require duplicates/backups for your SO PED Keys, you can create them when you initialize another HSM or when you perform an "hsm so-ped-key change" (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)
- if you eventually require duplicates/backups for your Partition User/Crypto Officer PED Keys, you can create them when you create another Partition (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)
- the same possibility is presented whenever you imprint any of the other keys (Domain, RPK, SRK)
- you can also create duplicates of any PED Key, except the purple (SRK), by means of Luna PED's Admin menu.