|
Home > |
|---|
This section contains the following:
Note: Your PED must be in USB mode when connected to a Release 7.x SafeNet Luna Network HSM. Otherwise you will get a CKR_DEVICE_ERROR when attempting to authenticate. See Changing Modes for instructions on how to switch modes.
A Luna PED is used to authenticate to an HSM that requires PED (Trusted Path) Authentication.
The requirement for Trusted Path Authentication, as opposed to Password Authentication, is part of the specific model of HSM as configured at the factory.
Note: Exception – The SafeNet Luna Backup HSM configures itself at backup time as either Password-authenticated or PED-authenticated depending on the type primary HSM is it backing up.
Figure 1: PED front view
Figure 2: PED top view
| Key | Function |
|---|---|
| CLR or Clear |
•Clear the current entry, such as when inputting a PED PIN - wipes the entire entry. •* Reset the PED - hold the key down for five seconds. Useful if a PED operation timed out. |
| < |
•Backspace; clear the most recent digit that you have typed on the PED. •"Exit"; navigate to a higher level menu in the PED. |
| > |
•"Log"; shows most recent PED actions (since being in Local or Remote Mode). |
| Numeric keys |
•Select numbered menu items. •Input PED PINs. |
| Yes and No |
•Respond to Yes or No questions from the PED. |
| Enter |
•Confirm an action. |
Note: *Pressing (and holding) CLR causes reset only if the PED is engaged in an operation or is actively prompting you for action. Pressing CLR has no effect in the main menu, in the Admin Mode menu, or when "Awaiting command..."
The Luna PED automatically detects the active interface that it is plugged into, and defaults to the appropriate mode after the first command is sent to it. The Luna PED waits in either Remote PED-USB mode (if the PED is connected to a USB port) or in its Scanning state (if the PED is connected to an SCP port) until a command is received from the HSM.
•If the PED is directly connected to the HSM via USB port, it enters Local PED-USB mode.
•If the PED is remotely connected to the HSM via remote host, it enters Remote PED-USB mode.
•If the PED is directly connected to the HSM via SCP port, it enters Local PED-SCP mode.
You can also manually change modes by choosing a mode from the main menu. To navigate to the main menu, press the < key. The main menu shows you all the modes available to you as well as the PED’s firmware version. To enter a given mode, press the number corresponding to it on screen.
In Local PED mode, the Luna PED is connected directly to the HSM.
Initial HSM configuration must be done in Local PED mode, in order to set its authentication and create a relationship between the HSM and an orange PED key (RPK, or Remote PED Vector Key).
SafeNet Luna HSM versions 7.0 and later use USB mode, where the PED is connected to the HSM by the USB mini-B connector cable.
1.Press < to navigate to the main menu.
2.Press 0 to enter Local PED-USB mode.
In Local PED mode, the Luna PED is connected directly to the HSM.
Initial HSM configuration must be done in Local PED mode, in order to set its authentication and create a relationship between the HSM and an orange PED key (RPK, or Remote PED Vector Key).
Local PED-SCP mode is reserved for SafeNet Luna HSM versions that use a MDSM cable to connect the PED to the HSM.
1.Press < to navigate to the main menu.
2.Press 1 to enter Local PED-SCP mode.
In Local PED mode, the Luna PED is connected directly to the HSM.
Initial HSM configuration must be done in Local PED mode, in order to set its authentication and create a relationship between the HSM and an orange PED key (RPK, or Remote PED Vector Key).
1.Press < to navigate to the main menu.
2.Press 4 to enter Admin mode.
This mode is for the administration of your PED alone, for diagnostic tests, and for standalone or offline operations with PED keys. To implement a given menu item, press the number corresponding to it on screen.
The PED Key menu allows you to identify and login to your PED keys.
Press 1 to login, and follow the on screen instructions to perform operations on your PED keys without the SafeNet Luna HSM appliance. See for further information.
Press 3 to identify the role imprinted on a PED key you insert.
The Backup Devices menu is only compatible with SafeNet Luna Network HSMs and SafeNet Luna PCIe HSMs with firmware versions 6.21.0 and newer, excluding 7.x. This mode is incompatible with 7.x firmware.
The Software Update menu is rarely used and requires that you be sent a PED software file from SafeNet, along with directions on how to use it.
The Self Test menu allows you to test the PED’s functionality.
Follow the on screen instructions to test button functions, display, cable connections, and ability to properly read PED keys. The PED returns a PASS/FAIL report once it concludes the test.
1.Press < to navigate to the main menu.
2.Press 7 to enter Remote PED mode.
The Remote PED menu allows you to connect your workstation and PED to your HSM or partition remotely. Where obtaining local physical access to the appliance might be difficult, Remote PED provides the convenience of authenticating remotely from any configured workstation after initialization.
For more information on Remote PED and its setup and configuration, see About Remote PED.
When you perform an HSM operation that requires a PED key, you should already have the PED connected to the HSM or appliance. When the command is issued, the system tells you when to look to the PED.
When prompted, insert the indicated PED key into the connector at the top of the PED, immediately to right of the PED cable connection, then respond to further instructions on the PED display until control is returned to the administrative command line.
In conjunction with PED or PED Remote, a PED key can be electronically imprinted with a generated secret that might unlock one or more HSMs, which it retains until deliberately changed.
•A PED key can contain only one HSM authentication secret at a time.
•PED keys are completely interchangeable before they are imprinted by your action - the PED checks for an existing authentication secret, and tells you if the currently presented key is blank.
•PED keys are imprinted by Luna PED during HSM initialization and Partition creation and other HSM actions that create HSM roles or invoke certain HSM functions.
•PED keys can be re-imprinted with new HSM authentication secrets. Imprinting a new secret overwrites any HSM authentication secret that was already present on a PED key.
Note: The PED has no way to know if an authentication secret it finds on a key is valid for some role on the current HSM (or on some other HSM), or if a contained authentication secret is no longer valid, and therefore safe to overwrite.
For transport of the SafeNet Luna Network HSM, Secure Transport Mode can be enabled by the HSM SO.
1.Before shipment, login as the HSM SO.
2.Turn on Secure Transport Mode and take note of the unique verification code returned by the HSM.
3.The HSM and verification code are shipped via separate channels so that no attacker could obtain access to both while they are in transit.
4.Upon receipt, the administrator logs in to the HSM and compares the HSM verification code to the code provided to them. If the codes match, no tamper has occurred. If the codes do not match, then the HSM was intercepted and is no longer secure.
Further details are available in Secure Transport Mode.
A red domain PED key carries the key-cloning vector (the domain identifier) that allows cloning to take place among HSMs and tokens. Cloning is a secure method of copying HSM (or Partition) or token objects, such that they can be replicated between HSMs and tokens, but:
•Strongly encrypted, and
•Only between HSMs and tokens that share a cloning domain.
When you initialize an HSM, and are prompted for a red PED key, Luna PED first asks:
If you answer No:
•You are telling Luna PED that it should retrieve a new domain (key-cloning vector) from the HSM and prepare to overwrite that new domain secret onto the Key that you are about to insert.
•This was your last chance (short of aborting the procedure) to make the current HSM part of an existing cloning group. Further prompts in this sequence will give you the opportunity to remove keys that you have mistakenly offered and substitute another, but you get no more opportunity to change the No to a Yes.
•If the red PED key was already in use on an operational HSM (and Backup device), then that HSM (as well as the Backup device) carries the old domain and the newly overwritten red PED key can no longer be used with it — therefore, unless you have a duplicate red PED key with the old cloning domain (key-cloning vector), then that previous HSM cannot be backed up, and its Backup cannot be restored.
If you answer Yes:
•Luna PED prepares to preserve the domain (key-cloning vector) value that it expects to find on the red PED key, and store it onto the HSM -- this causes the current HSM to share the domain with the previous HSM and/or Backup device.
•With two or more HSMs (and at least one Backup HSM) sharing the same cloning domain, it is possible to clone the contents from one to another by means of backup and restore operations.
Note: An HSM or token can be a member of only one domain. To make an HSM or token become a member of a different domain, you must initialize the HSM or token and imprint the new key-cloning vector. This destroys any previous content, including the old key-cloning vector.
Each partition in an HSM has a domain of its own - this is created when the partition is initialized. Partitions contain customer-owned keys used in client operations, as well as data objects. Objects on a partition can be cloned to another partition (whether on the same HSM or on another HSM) only if both partitions share the same domain.
It is not possible for a partition or an SO space to be a member of more than one domain. It is possible for different partitions on the same HSM to be members of mutually exclusive domains. There is no limit to the number of partitions or HSMs that can share a common domain.
The following pages summarize PED setup and operations: