|
Home > |
|---|
The CA menu provides the following functions:
(Not for Luna SA) This option prompts for a text string and sets the token cloning domain name to that value. To clone a key between two Luna CA3 tokens, both tokens must share the same red PED Key.
(Not for Luna SA) This option allows you to clone a key from one Luna RA token to another (or one Luna CA3 token to another). Both tokens must have the same cloning domain name (or red PED Key). Both tokens must have an open and logged on session active.
(Not for Luna SA) If you have a Luna CA3 token (which supports MofN authentication), this option allows you to turn on the MofN token feature. This option alone does nothing to the token, but instead sets a flag specifying that the next token to be initialized should have its MofN feature turned on (assuming, of course, that the token supports it).
(Not for Luna SA) This option allows you to generate MofN authentication splits, or secret shares. You can generate up to 16 shares (N), and you can specify how many of these shares are needed (M) in order to activate the token (up to 16).
(Not for Luna SA) This option allows you to authenticate yourself to the token using MofN secret shares generated by option #73 (Generate MofN). You must activate MofN on a token on which MofN has been generated, or you are unable to perform any cryptographic operations with the token.
(Not for Luna SA) Some tokens have the ability to support customer loaded certificates used for key cloning. If your token supports this feature, and you wish to use you own key cloning certificates (rather than the default certificates provided by SafeNet), the first step is to Generate token keys.
Note: If you do this, you are not able to clone to any other Luna CA tokens except those containing your own certificate.
(Not for Luna SA) This option is the next step in loading your own key cloning certificate onto the token. This action is done after #75 (Generate Token Keys).
(Not for Luna SA) This option is the final step to load a customer key cloning certificate to the token. This step is done after Steps 75 and 76.
(Not for Luna SA) Generate a special-purpose certificate for CertCo application.
(Not for Luna SA) Modifies the secret splitting vector on a token.
(Not for Luna SA) Create duplicates (copies) of all MofN secret splits.
Decache the MofN data.
Extract one of the following certificates from the HSM. You must supply the type and filename of the certificate you want to extract:
•Root certificate
•Hardware origin certificate
•ECC hardware origin certificate
•TWC (token wrapping certificate) version 1, 2, or 3.
•TCTrust device authentication certificate
•CITS device authentication certificate
This option sets the legacy Cloning Domain, from a legacy token, into association with the modern cloning domain attached to a current-model Luna HSM, to allow migration of token objects from legacy HSMs.