partition restore
Restores the contents of an HSM partition from a backup token. This command securely moves contents from a backup token to an HSM partition on the HSM. The SafeNet Luna Network HSM administrator executing this command has the option of replacing the objects existing on the HSM partition or adding to them. Note that if objects are added to the HSM partition it is possible that the same object may exist twice on the HSM partition with two different object handles.
Because replacing data in a partition is destructive, if this option is selected the user is prompted to proceed/quit.
If the passwords are not provided via the command line, the user is prompted for them interactively. User input is echoed as asterisks.
User Privileges
Users with the following privileges can perform this command:
- Admin
- Operator
Syntax
partition restore -partition <name> -tokenpar <name> -serial <serialnum> {-add | -replace} [-password <password>] [-tokenpw <password>] [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-add | -a | Use this switch (no argument) to specify that the data objects on the backup token shall be added to those already existing on the specified HSM Partition. Note that even objects on the backup token that are identical to objects in the HSM Partition will be added to the HSM Partition when specifying this switch; thus it is possible that the HSM Partition may have two identical objects on it as a result of this command. You must specify either -add or -replace. |
-force | -f | Force the action without prompting. |
-partition <name> | -par | Specifies the name of the HSM partition to which all data/key objects are to be restored. Obtain the HSM partition name by using the partition -list command. |
-password <password> | -pas | Specifies the HSM Partition Owner's (or Crypto Officer's) text password. This parameter is mandatory for password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
-replace | -r | Use this switch (no argument) to erase any data/key objects existing on the specified HSM Partition before loading the keys from the backup token. You must specify either -add or -replace. |
-serial <serialnum> | -s | Specifies the token serial number. |
-tokenpar <name> | -tokenpa | Specifies the token partition name. |
-tokenpw <password> | -tokenpw | The password for the user on the backup token. If this is a Secure Authentication & Access Control token, then Luna PED is required and any value provided here is ignored. If you do not enter this parameter you will be prompted for it. This parameter is mandatory for password-authenticated HSMs. It is ignored on PED-authenticated HSMs. |
Example
lunash:>partition restore -partition sa78par1 -tokenpar sa78par1backup -serial 496771 -add
Please enter the password for the token user partition:
> ********
Please enter the password for the HSM user partition:
> ********
Object "MT RSA 4096-bit Private KeyGen" (handle 14) cloned to handle 46 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 18) cloned to handle 49 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 19) cloned to handle 52 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 23) cloned to handle 48 on target
Object "MT RSA 4096-bit Private KeyGen" (handle 24) cloned to handle 57 on target
Object "MT RSA 4096-bit Public KeyGen" (handle 28) cloned to handle 70 on target
'partition restore' successful.
Command Result : 0 (Success)
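
Auditing restore invocations (an added example, not part of the SafeNet documentation): the script below reviews recorded 'partition restore' command lines for the three risks this page describes, namely -replace combined with -force, passwords typed on the command line instead of at the masked prompt, and a second -add from the same backup token. It assumes the command lines are available as text with the lunash:> prompt shown in the example above; the function names and sample lines are constructed for illustration.

```python
from collections import Counter

# Option names and shortcuts exactly as listed in the argument table above.
ALIASES = {"-partition": "partition", "-par": "partition",
           "-tokenpar": "tokenpar", "-tokenpa": "tokenpar",
           "-serial": "serial", "-s": "serial",
           "-password": "password", "-pas": "password", "-tokenpw": "tokenpw",
           "-add": "add", "-a": "add", "-replace": "replace", "-r": "replace",
           "-force": "force", "-f": "force"}
SWITCHES = {"add", "replace", "force"}  # these take no argument

def parse(cmdline):
    """Parse one 'partition restore' command line into a dict, else None."""
    words = cmdline.split(":>", 1)[-1].split()
    if words[:2] != ["partition", "restore"]:
        return None
    opts, i = {}, 2
    while i < len(words):
        name = ALIASES.get(words[i])
        if name in SWITCHES:
            opts[name] = True
        elif name is not None:  # option that takes a value
            i += 1
            opts[name] = words[i] if i < len(words) else None
        i += 1
    return opts

def audit(cmdlines):
    """Return (line_number, finding) pairs for restore invocations to review."""
    findings, added = [], Counter()
    for n, line in enumerate(cmdlines, 1):
        o = parse(line)
        if o is None:
            continue
        if o.get("replace") and o.get("force"):
            findings.append((n, "replace+force: partition erased without prompt"))
        if "password" in o or "tokenpw" in o:
            findings.append((n, "password on command line, not the masked prompt"))
        key = (o.get("partition"), o.get("tokenpar"), o.get("serial"))
        added[key] += bool(o.get("add"))
        if o.get("add") and added[key] > 1:
            findings.append((n, "repeated -add from same token: duplicate objects"))
    return findings

# Constructed sample lines (partition names, serials and password are made up).
SAMPLE = ["lunash:>partition restore -partition par1 -tokenpar par1backup -serial 111111 -add",
          "lunash:>partition restore -par par1 -tokenpa par1backup -s 111111 -a -pas EXAMPLE-ONLY",
          "lunash:>partition restore -partition par2 -tokenpar par2backup -serial 222222 -replace -force",
          "lunash:>hsm show"]
```

Calling audit(SAMPLE) returns the findings as (line number, message) pairs; the second finding type matters because only interactive password entry is echoed as asterisks.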