|
Home > |
LunaCM Command Reference Guide > LunaCM commands
|
|---|
This chapter describes the commands available in LunaCM. The commands are described in alphabetical order and provide:
•a brief description of the command function
•the command syntax and parameter descriptions
•usage examples
Lunacm opens with a slot list, showing brief descriptions of the HSM administrative or application partitions that are visible to the library, in the order that they are detected. Those include:
•SafeNet Network HSM application partitions (if any), network-connected to the host computer via NTLS or STC channels,
•SafeNet PCIe HSMs (if any) installed within the host computer,
•SafeNet USB HSMs (if any) connected via USB to the host computer.
By default, Lunacm shows the lowest-numbered slot first. Local HSMs (SafeNet PCIe HSM or SafeNet USB HSM) might have an HSM administrative slot (for the HSM SO) or an application partition slot, or both, so lunacm leaves gaps in the slot numbering to allow for the possible slots on a given HSM.
The question mark (or any incorrect command) shows the lunacm commands available to be used in the current slot.
The availability of lunacm commands changes according to four possible scenarios:
• the current slot is the HSM administrative partition for an HSM with firmware version 6.22.0 or newer
•the current slot is an application partition that has its own SO (a PPSO partition), on an HSM with firmware version 6.22.0 or newer
•the current slot is a separate-but-not-independent application partition that is administered by the HSM SO, and does not have its own separate SO (a legacy-style partition) on an HSM with firmware version 6.22.0 or newer
•the current slot is the HSM administrative partition and application partition for an HSM with firmware older than version 6.22.0 (a true legacy partition).
No single partition type has access to all the possible commands within lunacm.
Note: Persistence of login state
For HSMs with firmware 6.22.0 or newer, login state of a slot is preserved until explicitly ended (such as with "logout" or "deactivate" or closing the application). Therefore, login state persists when you switch slots in lunacm. That is, if you were logged into the partition in slot 1, then set current slot to slot 2, then came back to slot 1, the login state for the partition in slot 1 would still be in force, with no need to reinstate it.
For HSMs with older firmware, changing to a different slot terminates the login state in the original slot, as was always the case.
(These are the commands that you see if the current-slot partition is the initialized HSM's administrative partition, while the HSM is at firmware version 6.22.0 or newer. Some of these commands act on the current-slot partition; some have a -slot option to direct their action to another partition/slot.)
Select a link to display the command syntax or to help you to navigate to the sub-command you need:
appid
audit
file
clientconfig
hagroup
hsm
partition
ped
remoteBackup
role
slot
srk
stcconfig
| Parameter | Shortcut | Description |
|---|---|---|
| appid | a | > Manage Application Ids. See appid . |
| audit | au | Audit commands. See audit |
| clientconfig | ccfg | Client configuration. See clientconfig . |
| file | f | File commands. See file display . |
| hagroup | ha | High Availability Group commands. See hagroup . |
| hsm | hs | HSM commands. See hsm . |
| partition | par | Partition commands. See partition . |
| ped | p | Remote PED commands. See ped . |
| remoteBackup | rb | Manage Remote Backup server. See remotebackup start . |
| role | ro | Role management commands. See role . |
| slot | s | Slot management commands. See slot . |
| srk | r | Secure Recovery commands. See srk . |
| stc | stc | Secure Trusted Channel commands. See stc . |
| stcconfig | stcc | Secure Trusted Channel configuration commands. See stcconfig . |
(These are the commands that you see if the current-slot partition is the initialized HSM's administrative partition, while the HSM is at firmware version 6.22.0 or newer. Some of these commands act on the current-slot partition; some have a -slot option to direct their action to another partition/slot.)
Select a link to display the command syntax or to help you to navigate to the sub-command you need:
appid
file
clientconfig
hagroup
partition
ped
remoteBackup
role
slot
stcconfig
| Parameter | Shortcut | Description |
|---|---|---|
| appid | a | > Manage Application Ids. See "appid" on page 1 . |
| file | f | File commands. See "file display" on page 1 . |
| clientconfig | ccfg | Client configuration. See "clientconfig" . |
| hagroup | ha | High Availability Group commands. See "hagroup" on page 1 . |
| partition | par | Partition commands. See "partition" on page 1. |
| ped | p | Remote PED commands. See "ped" on page 1 . |
| remoteBackup | rb | Manage Remote Backup server. See "remotebackup start" on page 1 . |
| role | ro | Role management commands. See "role" . |
| slot | s | Slot management commands. See "slot" on page 1 . |
| stc | stc | Secure Trusted Channel commands. See stc . |
| stcconfig | stcc | Secure Trusted Channel configuration commands. See stcconfig . |