The Crypto Officer creates a Crypto User on a partition.
For SafeNet HSM with firmware 6.22.0 and newer, this command applies to either PED-authenticated or Password-authenticated HSMs. The Crypto Officer's password is included as authentication before specifying the password that is assigned to the new Crypto User.
For older SafeNet HSM firmware versions, this command applied only to PED-authenticated HSMs, and had only the "-partition" option.
```
partition createuser -partition <partition_name> [-coPassword <password>] [-cuPassword <password>] [-defaultChallenge]
```
Parameter | Shortcut | Description |
---|---|---|
-partition | -p <name> | The name of the HSM partition on which to create the Crypto User. Obtain the HSM partition name by using the partition list command. |
-coPassword | -co <password> | The password of the Crypto Officer, when creating a Crypto User on a password-authenticated HSM. |
-cuPassword | -cu <password> | The Crypto User password, being assigned when creating a Crypto User on a password-authenticated HSM. |
-defaultChallenge | -d | For PED-authenticated HSM, sets the default challenge string "PASSWORD", instead of getting a random, 16-character string from SafeNet PED. |
```
lunash:> partition createuser -partition b1 -coPassword somePWstring -cuPassword someotherPWstring
'partition createuser' successful.
```
For PED-authenticated HSM, the partition createuser dialog directs you to the PED for two separate PED Key operations:
• The first time, you provide the black PED Key for authentication by the Crypto Officer that was created when the application partition was first initialized.
• The second time, if you have the newer label sheets that include gray stickers, you provide a PED Key labeled with a gray sticker; otherwise, just use a black-labeled PED Key, but be sure to identify that key as Crypto User, to prevent confusing it with the black Crypto Officer key.
```
[MyLunaSA2] lunash:>partition show

Partition Name: P1SA2
Partition SN: 356654569703
Partition Label: P1SA2
Crypto Officer PIN To Be Changed: no
Crypto Officer Challenge To Be Changed: no
Crypto Officer Locked Out: no
Crypto Officer Login Attempts Left: 10
Crypto Officer is activated: no
Crypto User is not initialized.
Legacy Domain Has Been Set: no
Partition Storage Information (Bytes): Total=2087864, Used=0, Free=2087864
Partition Object Count: 0

Command Result : 0 (Success)
[MyLunaSA2] lunash:>partition createuser -partition P1SA2 -d

Please enter Crypto Officer password for the partition:
> *******

Warning: This partition will be created with default challenge password.
Luna PED operation required to activate partition on HSM - use Partition Owner (black) PED key.
Luna PED operation required to create user on partition - use Crypto User (black) PED key.
'partition createuser' successful.

Command Result : 0 (Success)
[MyLunaSA2] lunash:>partition show

Partition Name: P1SA2
Partition SN: 356654569703
Partition Label: P1SA2
Crypto Officer PIN To Be Changed: no
Crypto Officer Challenge To Be Changed: no
Crypto Officer Locked Out: no
Crypto Officer Login Attempts Left: 10
Crypto Officer is activated: no
Crypto User PIN To Be Changed: no
Crypto User Challenge To Be Changed: yes
Crypto User Locked Out: no
Crypto User Login Attempts Left: 10
Crypto User is activated: no
Legacy Domain Has Been Set: no
Partition Storage Information (Bytes): Total=2087864, Used=0, Free=2087864
Partition Object Count: 0

Command Result : 0 (Success)
[MyLunaSA2] lunash:>
```
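An added example (not part of the SafeNet documentation): a Python check that parses captured `partition show` output and reports role states worth following up, including the `Challenge To Be Changed: yes` state that the session on this page shows after `-defaultChallenge`. The field names are taken from the output on this page; the function name and the `MIN_ATTEMPTS` threshold are assumptions.

```python
# Constructed sample: field lines as they appear in the 'partition show'
# output on this page, after 'partition createuser -partition P1SA2 -d'.
SAMPLE = """\
Partition Name: P1SA2
Crypto Officer PIN To Be Changed: no
Crypto Officer Challenge To Be Changed: no
Crypto Officer Locked Out: no
Crypto Officer Login Attempts Left: 10
Crypto Officer is activated: no
Crypto User PIN To Be Changed: no
Crypto User Challenge To Be Changed: yes
Crypto User Locked Out: no
Crypto User Login Attempts Left: 10
Crypto User is activated: no
"""

ROLES = ("Crypto Officer", "Crypto User")
YES_FLAGS = ("PIN To Be Changed", "Challenge To Be Changed", "Locked Out")
MIN_ATTEMPTS = 3  # assumed alert threshold, not a vendor value


def audit_partition(text):
    """Return (role, finding) tuples, in output order, for one partition."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        role = next((r for r in ROLES if line.startswith(r + " ")), None)
        if role is None:
            continue  # not a per-role status line
        rest = line[len(role) + 1:]
        if rest == "is not initialized.":
            findings.append((role, "not initialized"))
            continue
        field, sep, value = rest.partition(":")
        if not sep:
            continue
        field, value = field.strip(), value.strip().lower()
        if field in YES_FLAGS and value == "yes":
            findings.append((role, field))
        elif field == "Login Attempts Left" and value.isdigit():
            if int(value) < MIN_ATTEMPTS:
                findings.append((role, f"{value} login attempts left"))
    return findings


if __name__ == "__main__":
    for role, finding in audit_partition(SAMPLE):
        print(f"{role}: {finding}")
```
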