hsm setlegacydomain

Set the legacy cloning domain on the HSM. You must set the legacy cloning domain to migrate the contents of a legacy SafeNet HSM to a release 6.x SafeNet HSM.

For password-authenticated HSM partitions, the legacy cloning domain is the text string that was used as the cloning domain on the legacy token HSM, SafeNet PCI HSM, or SafeNet Network HSM whose contents are to be migrated to the SafeNet 6.x HSM SO space. (A separate command, partition setlegacydomain, is used for partitions.)

For PED-authenticated HSMs, the legacy cloning domain is the cloning domain secret on the red PED Key of the legacy PED-authenticated HSM whose contents are to be migrated to the SafeNet 6.x HSM SO space.

You cannot migrate objects from a password-authenticated token/HSM to a PED-authenticated SafeNet 6.x HSM, and you cannot migrate objects from a PED-authenticated token/HSM to a password-authenticated SafeNet 6.x HSM.

Your target SafeNet 6.x HSM has, and retains, whatever modern HSM cloning domain was imprinted (on a red PED Key) when the HSM was initialized. The hsm setlegacydomain command takes the domain value from your legacy HSM's red PED Key and associates that with the modern-format domain of the new HSM, to allow the HSM's SO space to be the cloning (restore...) recipient of objects from the legacy (token) HSM.

Once the first legacy domain has been associated with your new SafeNet HSM, that legacy domain is attached until the HSM is reinitialized.

The ability to set the legacy cloning domain does not allow you to defeat the security provision that prevents cloning of objects across different domains.

See "Legacy Domains and Migration" for a description and summary of the possible combinations of source (legacy) tokens/HSMs and target (modern) HSMs and the disposition of token objects from one to the other.

Note: The lunacm hsm commands appear only when the slot currently selected in lunacm is for a locally installed HSM, such as a SafeNet PCI-E HSM. When lunacm is directed at a slot corresponding to a remote SafeNet Network HSM, the hsm-level commands do not appear, because lunacm has a client-only connection to a remote HSM and therefore cannot log in to it as SO. To access HSM commands on the SafeNet Network HSM appliance, you must use LunaSH.

Syntax

hsm setLegacyDomain [-domain <domain>]

Parameter    Shortcut    Description
-password    -pas        The HSM password.
-domain      -d          The name of the legacy cloning domain.

Example

lunacm:> hsm setLegacyDomain
 

The PED prompts for the legacy red domain PED Key (notice mention of "raw data" in the PED message).

Command result: Success!