
Commands that Require SafeNet PED Interaction

The following is a list of HSM commands that require the use of SafeNet PED and PED Keys for PED-authenticated SafeNet HSMs. These indications apply whether you are using local PED or Remote PED [*].

| Commands (hsm) | Notes |
|---|---|
| hsm login | PED required - SO (blue) key |
| hsm changeHSMPolicy | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm changeSOPolicy | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm changePw | PED required - SO (blue) key |
| hsm contents | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm clear | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm updateFW | Any partition activated before firmware update will need to be reactivated after the update - par activate command requires use of PED |
| hsm rollbackFW | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm updateCap | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm restoreSIM2 | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm restoreUser | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm clone | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm restore | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm factoryReset | Technically a PED is not required to execute this command (a direct serial connection to the device is required), but a PED will be required when re-initializing and configuring the HSM |
| hsm smkClone | Must be logged in as SO to complete; PED required - SO (blue) key |
| hsm setLegacyDomain | Legacy Domain PED key required, therefore the PED is required |
 
| Commands (partition) | Notes |
|---|---|
| par login | User password required; PED required - User (black) key |
| par activate | User password required; PED required - User (black) key |
| par create | Must be logged in as SO to complete; PED required - SO (blue) key; PED required - User (black) key; PED required - Domain (red) key |
| par createUser | Must be logged in as SO to complete; PED required - SO (blue) key |
| par createChallenge | Must be logged in as SO to complete; PED required - SO (blue) key; PED also displays the generated challenge string |
| par changePolicy | Must be logged in as SO to complete; PED required - SO (blue) key |
| par changePw -p | Must be logged into partition; User password required; PED required - User (black) key; Old and new password required |
| par resetPw | Must be logged in as SO to complete; PED required - SO (blue) key; PED required - User (black) key |
| par contents | User password required; PED required - User (black) key |
| par clear | User password required; PED required - User (black) key |
| par backup | User password required; PED required - User (black) key |
| par clone | User password required; PED required - User (black) key |
| par setLegacyDomain | User password required; PED required - User (black) key |
| par restoreSIM2 | Must be logged in as SO to complete; PED required - SO (blue) key |
| par restoreSIM3 | Must be logged in as SO to complete; PED required - SO (blue) key |
 
| Commands (srk) | Notes |
|---|---|
| srk enable | Must be logged in as SO to complete; PED required - SO (blue) key |
| srk disable | Must be logged in as SO to complete; PED required - SO (blue) key |
| srk recover | Must be logged in as SO to complete; PED required - SO (blue) key |
| srk generate | Must be logged in as SO to complete; PED required - SO (blue) key |
| srk transport | Must be logged in as SO to complete; PED required - SO (blue) key |

[* The only instance where local and Remote PED operations are not equivalent is when you initially set up for Remote PED operation by imprinting an RPV (Remote PED Vector) using an RPK (orange Remote PED Key). The imprinting must be performed locally.

Once the HSM has an RPV, you can perform all further PED-mediated authentication remotely, if desired.]

 

In most cases, use of the PED is a rare event. You use it when setting up the HSM and partitions, when activating partitions, and when making certain changes that might be necessitated by changes or expansions in your application or security environment (for example, a change of personnel). Most customers find that, once provisioned for their environment and application(s), the HSM simply functions day after day with no further intervention required.