
What is a Shared or Group PED Key?

With the common administrative group option, one PED Key accesses multiple HSMs (answer "YES" to the Luna PED question "Do you wish to reuse an existing keyset?" during HSM initialization or Partition creation). This contrasts with the default unique-secret option, where each HSM has its own unique PED Key. With a shared key you can operate numerous HSMs without needing to manage numerous keys.

For example, at an installation employing five Luna HSMs: [figure: one unique PED Key per HSM, five keys in total] compared to [figure: one shared group PED Key for all five HSMs].

How does it work?

During the process of initializing an HSM, or creating an HSM Partition (on a Luna HSM with PED [Trusted Path] Authentication), Luna PED attempts to imprint a blue, black, or red PED Key, and asks:

    Do you wish to reuse an existing keyset?

Press "YES" on the Luna PED keypad if you are inserting a key that can already access previous HSMs (meaning that another HSM was initialized with this PED Key). Choosing "YES" preserves the old access code on the PED Key and applies it also to the current HSM or token. Thereafter, the PED Key can access both (or multiple) HSMs or tokens that share the same access secret. The randomly-generated PIN on the PED Key is not overwritten.

In other words, answering "YES" to the PED prompt "Do you wish to reuse an existing keyset?" is the method for sharing a common authentication secret among multiple HSMs.

Alternatively, if you wish to have different PED Keys associated with each HSM in your possession, answer "NO". Answering "NO" overwrites the PIN (if one is already present) and stores a new, randomly-generated PIN on this PED Key: any existing authentication code on this PED Key is replaced with a new code that is good only with the current HSM or token. The same applies to black HSM Partition User PED Keys.

Similarly, the orange PED Key can be shared among several HSMs, although it is created in its own process, and not as part of HSM initialization or partition creation. The white Audit PED Key is also created and maintained in its own process, and not as part of HSM or partition initialization. Both the orange and white keys, like the others, can be made common among multiple HSMs if desired. The purple PED Key is unique in that it can correspond to one HSM only.

The red PED Keys must have the same domain secret for each HSM that will synchronize (backup and restore, or HA) with another. An HSM backup partition or token content can be restored only onto an HSM that was initialized with the same red key secret. You must always choose to "...reuse an existing keyset" when initializing any HSM after the first one in a cloning group, or any partition after the first one in a cloning group.

The orange RPK PED Key, for RPV (Remote PED Vector), carries a secret that matches the RPV on an HSM to which you will be remotely authenticating with Luna PED 2 remote version. If you wish more than one HSM to have the same RPK, then you would choose to "...reuse an existing keyset" when setting RPK with "hsm ped vector init".

The white Audit PED Key carries the secret that authenticates the holder of the Audit role for the current HSM, and for any other HSMs where you have chosen to "Reuse" the PED Key when initializing the Audit role.

Reusing a PED Key forces all PED PINs to be the same.

The Exception

The purple SRK PED Key differs from the others, in that it cannot be used with more than one HSM in common. You can reuse a purple PED Key with a different HSM by overwriting the key, but you cannot reuse the secret on that key with any HSM other than the one that originated the secret. The SRV (secure recovery vector) is not transferable. Each SRV is unique. An HSM can export a split of its SRV onto a purple PED Key (SRK) for use with only that HSM. If you imprint a valid purple PED Key with any other HSM, the key takes on a new SRV split that is valid with the new HSM, and is no longer useful with the original HSM.
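The reuse-versus-overwrite behaviour described under "How does it work?" and the purple SRK exception above can be summarised in a small model. The following Python is an added example written for this page; it is not SafeNet/Gemalto code and does not reproduce the Luna PED firmware. The PedKey and Hsm classes, the imprint() function, and the random 32-byte secrets are assumptions standing in for the real imprinting process; the model only captures which HSMs a key still authenticates after each answer to the prompt.

```python
"""Model of PED Key imprinting: 'reuse an existing keyset' vs. overwrite (constructed example)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class PedKey:
    color: str                      # "blue", "black", "red", "orange", "white", "purple"
    secret: Optional[bytes] = None  # randomly generated secret imprinted on the key (None = blank)


@dataclass
class Hsm:
    name: str
    # per-colour secret this HSM accepts (blue = SO, black = partition user, red = cloning domain, ...)
    accepted: Dict[str, bytes] = field(default_factory=dict)
    # secure recovery vector: generated per HSM, never transferable (assumed 32 random bytes)
    srv: bytes = field(default_factory=lambda: secrets.token_bytes(32))


def imprint(hsm: Hsm, key: PedKey, reuse_existing_keyset: bool) -> bytes:
    """Simulate the PED prompt "Do you wish to reuse an existing keyset?" for one key."""
    if key.color == "purple":
        # The exception: the SRK carries a split of *this* HSM's SRV. Whatever was on the
        # key is replaced, and the answer to the prompt makes no difference.
        key.secret = hsm.srv
    elif reuse_existing_keyset and key.secret is not None:
        # YES: keep the secret already on the key; this HSM now accepts that secret too.
        pass
    else:
        # NO (or a blank key): overwrite with a new random secret valid only for this HSM.
        key.secret = secrets.token_bytes(32)
    hsm.accepted[key.color] = key.secret
    return key.secret


def authenticates(hsm: Hsm, key: PedKey) -> bool:
    """True if presenting this key would satisfy the HSM's secret of that colour."""
    if key.color == "purple":
        return key.secret == hsm.srv
    return key.secret is not None and hsm.accepted.get(key.color) == key.secret


def same_cloning_domain(a: Hsm, b: Hsm) -> bool:
    """Backup/restore and HA work only between HSMs initialised with the same red secret."""
    return "red" in a.accepted and a.accepted["red"] == b.accepted.get("red")


def demo() -> Dict[str, bool]:
    """Walk three HSMs through the prompt and report what each answer did to the keys."""
    hsm1, hsm2, hsm3 = Hsm("hsm1"), Hsm("hsm2"), Hsm("hsm3")
    blue, red, purple = PedKey("blue"), PedKey("red"), PedKey("purple")

    # First HSM of the group: keys are blank, so the prompt yields new secrets.
    imprint(hsm1, blue, reuse_existing_keyset=False)
    imprint(hsm1, red, reuse_existing_keyset=False)
    # Second HSM: answer YES so the same blue and red secrets are accepted here too.
    imprint(hsm2, blue, reuse_existing_keyset=True)
    imprint(hsm2, red, reuse_existing_keyset=True)
    results = {
        "blue_shared_by_hsm1_and_hsm2": authenticates(hsm1, blue) and authenticates(hsm2, blue),
        "hsm1_hsm2_same_domain": same_cloning_domain(hsm1, hsm2),
    }

    # Third HSM: answering NO overwrites the key, which silently locks it out of hsm1.
    imprint(hsm3, blue, reuse_existing_keyset=False)
    imprint(hsm3, red, reuse_existing_keyset=False)
    results["no_overwrote_blue_key"] = authenticates(hsm3, blue) and not authenticates(hsm1, blue)
    results["hsm1_hsm3_same_domain"] = same_cloning_domain(hsm1, hsm3)  # False: cannot restore

    # Purple SRK: valid for hsm1 until imprinted with hsm2, regardless of the prompt answer.
    imprint(hsm1, purple, reuse_existing_keyset=True)
    results["purple_valid_on_hsm1"] = authenticates(hsm1, purple)
    imprint(hsm2, purple, reuse_existing_keyset=True)
    results["purple_moved_to_hsm2"] = authenticates(hsm2, purple) and not authenticates(hsm1, purple)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The point the model makes explicit is the asymmetry between the two answers: "YES" adds an HSM to the set a key can open, whereas "NO" replaces the secret on the key, so a key that was shared across a cloning group stops working on the earlier HSMs the moment it is overwritten. The `same_cloning_domain` check mirrors the red-key rule that restore and HA only succeed between HSMs holding the same domain secret, and the purple branch shows why the SRK can never be shared.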
