|
Home > |
|---|
Restores the contents of an HSM partition from a backup token. This command securely moves contents from a backup token to an HSM partition on the HSM. The SafeNet Network HSM administrator executing this command has the option of replacing the objects existing on the HSM partition or adding to them. Note that if objects are added to the HSM partition it is possible that the same object may exist twice on the HSM partition with two different object handles.
Because replacing data in a partition is destructive, if this option is selected the user is prompted to proceed/quit.
If the passwords are not provided via the command line, the user is prompted for them interactively. User input is echoed as asterisks.
partition restore [-partition name -password <password>] [-tokenpw <password>] [-add] [-replace [-force]]
| Parameter | Shortcut | Description |
|---|---|---|
| -add | -a |
Use this switch (no argument) to specify that the data objects on the backup token shall be added to those already existing on the specified HSM Partition. Note that even objects on the backup token that are identical to objects in the HSM Partition will be added to the HSM Partition when specifying this switch; thus it is possible that the HSM Partition may have two identical objects on it as a result of this command. You must specify either -add or -replace. |
| -force | -f | Force the action without prompting. |
| -partition | -par | Specifies the name of the HSM partition from which all data/key objects are to be restored. Obtain the HSM partition name by using the partition -list command. |
| -password | -pas |
Specifies the HSM Partition Owner's (or Crypto Officer's) text password. This parameter is mandatoryfor password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
| -replace | -r |
Use this switch (no argument) to erase any data/key objects existing on the specified HSM Partition before loading the keys from the backup token. You must specify either -add or -replace. |
| -serial | -s | Specifies the token serial number. |
| -tokenpar | -tokenpa | Specifies the token partition name. |
| -tokenpw | -tokenpw |
The password for the user on the backup token. If this is a Secure Authentication & Access Control token, then SafeNet PED is required and any value provided here is ignored. If you do not enter this parameter you will be prompted for it. This parameter is mandatoryfor password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
The following example is for a PED-authenticated HSM
lunash:> partition restore -partition j1 -password userpin -replace
CAUTION: Are you sure you wish to erase all objects in the
partition named:
j1
Type 'proceed' to continue, or 'quit' to quit now.
> proceed
Luna PED operation required to login to partition backup space - use black PED Key.
Luna PED operation required to login to partition - use black PED Key.
Key handle 8 cloned from source to target.
Key handle 9 cloned from source to target.
'partition restore' successful.