|
Home > |
|---|
When you have imprinted any PED Key (having set its parameters: is it re-used; does it have an optional PED PIN, is the secret split into N parts), you are then prompted:
If you answer YES:
•this invokes the duplication of the PED Key (any number), so that all duplicates can be interchangeable (backups)
•you can now use the original or any of the duplicates to access this HSM or Partition (blue or black keys, respectively), and distribute the others to other personnel or to secure storage
•you should decide how many backup PED Keys are required by your organizational security policies
If you answer NO:
•you are indicating that no duplicates/backups are necessary
•if you eventually require duplicate/backups for your SO PED Keys, you can do so when you initialize another HSM or when you perform an "hsm so-ped-key change"" (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)
•if you eventually require duplicate/backups for your Partition User/Crypto Officer PED Keys, you can do so when you create another Partition (saying "NO" to the "reusing" question, and then saying "YES" to the "duplicating" question at that time)
•the same possibility is presented whenever you imprint any of the other keys (Domain, RPK, SRK)
• you can also create duplicates of any PED Key, except the purple (SRK), by means of Luna PED's Admin menu.