Import a partition policy template. This command imports a partition policy template file from the current SCP directory in the SafeNet Network HSM appliance file system, into a hidden partition policy template directory within the appliance file system.
Note: The "current SCP directory", in this context, means the upload directory associated with the currently logged-in Network HSM appliance user (admin, operator, named-users...). So if a policy template file is expected but not found, perhaps it was uploaded under a different appliance-administrative user than the one currently logged in, and is in that other user's filespace rather than yours.
partition policyTemplate import [-filename <file-name>] [-rename <template-name>] [-force]
Option | Shortcut | Parameter | Description |
---|---|---|---|
-filename | -fi | <file name> | The name of the template file that was sent from another system, and that you are now importing from the SafeNet Network HSM appliance's SCP directory into the partition policy template directory. Locate the available policy template files with command my file list. The "my file" commands access the SCP directory, specifically the sub-directory that is named for the user currently logged into the appliance. |
-rename | -d | <template name> | Rename the template filename to a unique template name to be stored in the hidden partition policy template directory. The new filename that you choose must be unique within the partition policy template area on the current Network HSM appliance, or this command fails with an error message. Providing this name is optional. |
-force | -fo | . | Force the option (suppress user interactive mode). Useful for scripting. |
When you tell the system to find a named file and bring it into the partition policy template directory, with a particular name, as a policy template, the system verifies that the file exists as you named it. If that file is not found in your file area for the currently logged in appliance user (admin, or operator, or a named user with admin or operator privileges), perhaps because it was mistyped or was uploaded to another account and therefore is invisible to the current logged-in user, then the system just throws an error message and stops.
Error: File <filename> was not found. Please specify a valid filename. <reason string>
Where "<reason string>" is one of a few possible explanations to help you determine what went wrong.
If the filename matches a file in your (current logged-in appliance user) uploaded "my file" area, then the system checks that the file it found is a valid policy template. If so, it continues; if not it throws an error message and stops.
Error: File <filename> is not a valid partition policy template file.
If the file is a valid policy, then the system checks the name that it is expected to use (either you specified a new name in the "-rename" option, or the system uses the existing filename by default) against the policy templates that already exist in the policy template space, to ensure that the incoming template name is unique. If so, it continues; if not it throws an alert and requests a decision from the user.
Partition policy template <name> currently exists. If you choose to import <template name>, the existing partition policy template will be overwritten. Are you sure you wish to continue? Type ‘proceed’ to continue or ‘quit’ to quit now -> proceed
If the policy name was unique, or if you approve that the incoming template should overwrite an existing one by that name, then the system shows the content of the partition policy template, for you to verify that it contains the settings you expect it to contain.
```
                                                       Destructive
Code  Description                               Value  Off-To-On  On-To-Off
______________________________________________________________________________
0     Allow private key cloning                 On     Yes        No
1     Allow private key wrapping                Off    Yes        No
2     Allow private key unwrapping              On     No         No
3     Allow private key masking                 Off    Yes        No
4     Allow secret key cloning                  On     Yes        No
5     Allow secret key wrapping                 On     Yes        No
6     Allow secret key unwrapping               On     No         No
7     Allow secret key masking                  Off    Yes        No
10    Allow multipurpose keys                   On     Yes        No
11    Allow changing key attributes             On     Yes        No
15    Ignore failed challenge responses         Off    Yes        No
16    Operate without RSA blinding              On     Yes        No
17    Allow signing with non-local keys         On     No         No
18    Allow raw RSA operations                  On     Yes        No
20    Max failed user logins allowed            3      N/A        N/A
21    Allow high availability recovery          On     No         No
22    Allow activation                          Off    No         No
23    Allow auto-activation                     Off    No         No
25    Minimum pin length (inverted: 255 - min)  248    N/A        N/A
26    Maximum pin length                        255    N/A        N/A
28    Allow Key Management Functions            On     Yes        No
29    Perform RSA signing without confirmation  On     Yes        No
30    Allow Remote Authentication               On     No         No
31    Allow private key unmasking               On     No         No
32    Allow secret key unmasking                On     No         No
33    Allow RSA PKCS mechanism                  On     Yes        No
34    Allow CBC-PAD (un)wrap keys of any size   On     Yes        No
35    Allow private key SFF backup/restore      On     Yes        No
36    Allow secret key SFF backup/restore       Off    Yes        No
37    Force Secure Trusted Channel              Off    No         Yes

Are you sure you wish to continue?

Type ‘proceed’ to continue or ‘quit’ to quit now -> proceed
```
After you review the list and type "proceed" the partition policy template file is finally transferred from the SCP directory into the hidden policy template directory and deleted from the user's sub-directory within the SCP directory.
```
lunash:> partition policyTemplate import -filename sometemplate01 -rename sometemplate001

Partition policy template <name> currently exists. If you choose to import <template name>, the existing partition policy template will be overwritten.

Are you sure you wish to continue?

Type ‘proceed’ to continue or ‘quit’ to quit now -> proceed

                                                       Destructive
Code  Description                               Value  Off-To-On  On-To-Off
______________________________________________________________________________
0     Allow private key cloning                 On     Yes        No
1     Allow private key wrapping                Off    Yes        No
2     Allow private key unwrapping              On     No         No
3     Allow private key masking                 Off    Yes        No
4     Allow secret key cloning                  On     Yes        No
5     Allow secret key wrapping                 On     Yes        No
6     Allow secret key unwrapping               On     No         No
7     Allow secret key masking                  Off    Yes        No
10    Allow multipurpose keys                   On     Yes        No
11    Allow changing key attributes             On     Yes        No
15    Ignore failed challenge responses         Off    Yes        No
16    Operate without RSA blinding              On     Yes        No
17    Allow signing with non-local keys         On     No         No
18    Allow raw RSA operations                  On     Yes        No
20    Max failed user logins allowed            3      N/A        N/A
21    Allow high availability recovery          On     No         No
22    Allow activation                          Off    No         No
23    Allow auto-activation                     Off    No         No
25    Minimum pin length (inverted: 255 - min)  248    N/A        N/A
26    Maximum pin length                        255    N/A        N/A
28    Allow Key Management Functions            On     Yes        No
29    Perform RSA signing without confirmation  On     Yes        No
30    Allow Remote Authentication               On     No         No
31    Allow private key unmasking               On     No         No
32    Allow secret key unmasking                On     No         No
33    Allow RSA PKCS mechanism                  On     Yes        No
34    Allow CBC-PAD (un)wrap keys of any size   On     Yes        No
35    Allow private key SFF backup/restore      On     Yes        No
36    Allow secret key SFF backup/restore       Off    Yes        No
37    Force Secure Trusted Channel              Off    No         Yes

Are you sure you wish to continue?

Type ‘proceed’ to continue or ‘quit’ to quit now -> proceed

Success: Imported and saved partition policy template sometemplate001.

Command Result : 0 (Success)
```
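The review step before typing "proceed" can be backed by an offline comparison of the displayed template against an expected baseline. The following is an added example, not part of the SafeNet documentation: it assumes the listing has been captured as text, the sample rows are an excerpt of the listing on this page, and the `BASELINE` values and function names are hypothetical.

```python
import re

# Excerpt of the template listing shown on this page (seven of its rows).
LISTING = """\
Code  Description                               Value  Off-To-On  On-To-Off
1     Allow private key wrapping                Off    Yes        No
15    Ignore failed challenge responses         Off    Yes        No
16    Operate without RSA blinding              On     Yes        No
18    Allow raw RSA operations                  On     Yes        No
20    Max failed user logins allowed            3      N/A        N/A
25    Minimum pin length (inverted: 255 - min)  248    N/A        N/A
37    Force Secure Trusted Channel              Off    No         Yes
"""

# Hypothetical site baseline (an assumption for illustration, not a vendor recommendation).
BASELINE = {1: "Off", 15: "Off", 16: "Off", 18: "Off", 20: "3", 37: "On"}

# code, description, value, destructive off-to-on, destructive on-to-off
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s+(On|Off|\d+)\s+(Yes|No|N/A)\s+(Yes|No|N/A)\s*$")

def parse_listing(text):
    """Return {code: (description, value, off_to_on, on_to_off)}; header, rule and prompt lines are skipped."""
    policies = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            code, desc, value, off_on, on_off = m.groups()
            policies[int(code)] = (desc, value, off_on, on_off)
    return policies

def deviations(policies, baseline):
    """List (code, description, found, expected) for each baseline policy that is missing or differs."""
    out = []
    for code, expected in sorted(baseline.items()):
        desc, found = policies.get(code, ("<missing from template>", None))[:2]
        if found != expected:
            out.append((code, desc, found, expected))
    return out

def min_pin_length(policies):
    """Policy 25 is stored inverted (255 - min), so a value of 248 means a minimum of 7."""
    return 255 - int(policies[25][1])

if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for code, desc, found, expected in deviations(parsed, BASELINE):
        print(f"policy {code} ({desc}): template has {found}, baseline expects {expected}")
    print("minimum PIN length:", min_pin_length(parsed))
```

Any deviation reported here is a reason to type "quit" at the prompt and correct the template before importing it.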