Having logged in, you can now use the lunash ‘partition’ command.
When you issue the partition create command, to create an HSM Partition, you must supply a label or name for the new Partition.
Choose a partition name that is meaningful in the context of your operations.
Partition names must be unique in the HSM. You are not permitted to create two partitions with the same label on one HSM.
This will be the label seen by PKCS #11 applications.
A partition name can be from 1 to 64 characters in length, and can include any of the following characters:
!#$%'()*+,-./0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~
No spaces.
When labeling HSMs or partitions, never use a numeral as the first, or only, character in the name/label. Token backup commands accept either a slot number or a label as the identifier, which can lead to confusion if the label is a string version of a slot number.
For example, if the token is initialized with the label "1" then the user cannot use the label to identify the target for purposes of backup, because VTL parses "1" as signifying the numeric ID of the first slot rather than as a text label for the target in whatever slot it really occupies (the target is unlikely to be in the first slot), so backup fails.
Tips for using strong passwords:
– use at least eight characters (Partition policy controls minimum length)
– mix the case of alphabetic characters
– include at least one numeral
– include at least one punctuation character or special character such as @#$%&, etc.
– avoid words that can be found in the dictionary (any language)
– avoid proper names (especially family and pets)
– avoid birthday and other easily identifiable dates.
Repeat the above actions for each HSM Partition that you wish to create (to the limits of your Luna system's configuration).
Each time a partition is created, an entry is added to the audit log. Any subsequent actions logged against the partition are identified by the partition serial number that was generated when the partition was created.
An audit log entry similar to the following is generated when a partition is created on the HSM:
5,12/12/17 16:14:14,S/N 150718 session 1 Access 2147483651:2669 SO container operation LUNA_CREATE_CONTAINER returned RC_OK(0x00000000) container=20 (using PIN (entry=LUNA_ENTRY_DATA_AREA))
It is not obvious from this entry what the serial number is for the created partition. This information, however, can be derived from the log entry, since the partition serial number is simply a concatenation of the HSM serial number and the partition container number, which are specified in the log entry, as highlighted below:
5,12/12/17 16:14:14,S/N 150718 session 1 Access 2147483651:2669 SO container operation LUNA_CREATE_CONTAINER returned RC_OK(0x00000000) container=20 (using PIN (entry=LUNA_ENTRY_DATA_AREA))
In the example above, the HSM serial number is 150718 and the partition container number is 20. Note that the partition container number is a three-digit number with leading zeros suppressed, so that the actual partition container number is 020. To determine the partition serial number, concatenate the two numbers as follows:
150718020
Use this number to identify the partition in subsequent audit log entries.
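The derivation above can be automated when reviewing exported audit logs. The following is an added example, not part of the Luna documentation or tooling: it assumes entries follow the format of the sample entry shown above, and the function names, the extra sample entries and the RC_EXAMPLE_FAILURE return code are constructed for illustration.

```python
import re

# Fields this page uses: HSM serial number, operation, return code, container number.
ENTRY_RE = re.compile(
    r"S/N (?P<hsm_sn>\d+) .*?"
    r"operation (?P<op>LUNA_\w+) returned (?P<rc>RC_\w+)\(0x[0-9A-Fa-f]+\)"
    r".*?container=(?P<container>\d+)"
)


def partition_serial(hsm_sn, container):
    """HSM serial number followed by the container number padded to three digits."""
    number = int(container)
    if not 0 <= number <= 999:  # the page describes a three-digit container number
        raise ValueError(f"container number out of range: {container}")
    return f"{hsm_sn}{number:03d}"


def created_partitions(lines):
    """Partition serial numbers for successful LUNA_CREATE_CONTAINER entries."""
    serials = []
    for line in lines:
        m = ENTRY_RE.search(line)
        if m is None:
            continue  # not a container-operation entry in the format shown above
        if m["op"] != "LUNA_CREATE_CONTAINER" or m["rc"] != "RC_OK":
            continue  # other operations and failed creations yield no partition
        serials.append(partition_serial(m["hsm_sn"], m["container"]))
    return serials


SAMPLE_LOG = [
    # Entry quoted on this page.
    "5,12/12/17 16:14:14,S/N 150718 session 1 Access 2147483651:2669 SO container "
    "operation LUNA_CREATE_CONTAINER returned RC_OK(0x00000000) container=20 "
    "(using PIN (entry=LUNA_ENTRY_DATA_AREA))",
    # Constructed entries: a single-digit container and a failed creation
    # (RC_EXAMPLE_FAILURE is a placeholder, not a real return code).
    "5,12/12/17 16:20:02,S/N 150718 session 1 Access 2147483651:2669 SO container "
    "operation LUNA_CREATE_CONTAINER returned RC_OK(0x00000000) container=7",
    "5,12/12/17 16:21:40,S/N 150718 session 1 Access 2147483651:2669 SO container "
    "operation LUNA_CREATE_CONTAINER returned RC_EXAMPLE_FAILURE(0x00000001) container=21",
]

if __name__ == "__main__":
    for serial in created_partitions(SAMPLE_LOG):
        print(serial)
```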
If you have been following the instructions on these pages as part of setting up a new Luna appliance, then the next step is to adjust the Partition Policy settings for the new Partition that you just configured.