
lunacm hsm Commands

hsm setLegacyDomain Command

NAME

hsm setLegacyDomain - Set the legacy cloning domain on the HSM.

SYNOPSIS

lunacm:> hsm setLegacyDomain [-domain <domain>]

DESCRIPTION

Set the legacy cloning domain on an HSM.

The "Legacy Cloning Domain" for Password authenticated HSM partitions is the text string that was used as a cloning domain on the legacy token HSM, Luna PCI HSM, or Luna SA HSM whose contents are to be migrated to the Luna 5.x HSM SO space. (A separate command, partition setLegacyDomain, is used for partitions.)

The "Legacy Cloning Domain" for PED authenticated HSMs is the cloning domain secret on the red PED key for the legacy PED authenticated HSM whose contents are to be migrated to the Luna 5.x HSM SO space.

Your target Luna 5.x HSM has, and retains, whatever modern HSM cloning domain was imprinted (on a red PED Key) when the HSM was initialized. The hsm setLegacyDomain command takes the domain value from your legacy HSM's red PED Key and associates that with the modern-format domain of the new HSM, to allow the HSM's SO space to be the cloning (restore...) recipient of objects from the legacy (token) HSM.

Once the first legacy domain has been associated with your new Luna HSM, that legacy domain is attached until the HSM is reinitialized.

The hsm setLegacyDomain command does not allow you to defeat the security provision that prevents cloning of objects across different domains.

As well, you cannot migrate objects from a Password authenticated token/HSM to a PED authenticated Luna 5.x HSM, and you cannot migrate objects from a PED authenticated token/HSM to a Password authenticated Luna 5.x HSM. Again, this is a security provision.

See "Legacy Domains and Migration" for a description and summary of the possible combinations of source (legacy) tokens/HSMs and target (modern) HSMs, and the disposition of token objects from one to the other.

OPTIONS

The following options are available:

Option       Short    Parameter     Description
-password    -pas     <password>    HSM Password
-domain      -d       <domain>      Legacy Cloning Domain Name

For Password authenticated Luna 5.x HSMs, both options are mandatory.

For PED authenticated Luna 5.x HSMs, the options are ignored.

SAMPLE OUTPUT

lunacm:> hsm setLegacyDomain

The PED prompts for the legacy red domain PED Key (notice mention of "raw data" in the PED message).

Command result: Success!

lunacm:>