role createchallenge
Create a challenge secret for the Crypto Officer (CO) or Crypto User (CU) role on the current partition (slot). This command applies to PED-authenticated partitions only.
The challenge secret is a text string (password) that provides an additional level of authentication for PED-authenticated partitions. If you create a challenge secret for a role, the role authenticates to the partition as follows:
- If the role is not activated on the partition, the role must provide both the PED key and challenge secret to gain access to the partition.
- If the role is activated on the partition, the role is able to access the partition using the challenge secret only.
See Activation and Auto-Activation on PED-Authenticated Partitions in the Administration Guide for more information.
You must be logged in as the Partition SO to create a challenge for the Crypto Officer. You must be logged in as the Crypto Officer to create a challenge for the Crypto User. The target role must already exist. See role init.
Syntax
role createchallenge -name <role> [-challengesecret <string>]
Argument(s) | Shortcut | Description |
---|---|---|
-name <role> | -n | Name of role for which the challenge is to be created |
-challengesecret | -c | The challenge secret (password) you wish to create for this role. If this option is not included, you will be prompted to enter a challenge secret, masked by asterisks (*). |
Example
lunacm:> role createchallenge -name co
Please attend to the PED.
enter new challenge secret: ********
re-enter new challenge secret: ********
Command Result : No Error