|
Home > |
|---|
As described elsewhere, you can have a Luna HSM:
•with Cloning capability (direct, secure transfer from one HSM to another)
"Partition clone" securely clones partition objects (not including SO objects that are contained on the HSM, but not within an HSM Partition) from the HSM Partition to an encrypted file on your computer. The two HSMs must share the same domain (that is, they must have been initialized with the same red PED Key (for PED authenticated version) or the same text Domain value (Password authenticated versions)).
1.Start the lunacm utility.
2.Login to the partition as User.
3.At the lunacm prompt, type partition clone -objects <handles> -slot <target slot> [-password <secret>] [-force]
(the '-password <password>' is needed only if your HSMs are Password Authenticated
the source HSM is the current slot while the target HSM is the slot that you indicate in the command).
4.Secure the receiving/target HSM. Best practice for important keys and objects is to have a backup HSM in onsite secure lockup, for quick resumption of service in case of damage or loss of the primary HSM, and another backup HSM in secure off-site storage for disaster recovery.