Key Cloning

You can clone key material between partitions to back up the keys, or to migrate the keys from one HSM to another. The rules, prerequisites, and procedures for migrating your key material are described in the following topics:

>Domain Planning

>Cloning Objects to Another Application Partition

>Cloning Keys Between Luna 6, Luna 7, and Luna Cloud HSM

Overview and Key Concepts

A Crypto Officer can clone the cryptographic objects (keys) from one user partition to another user partition provided that:

>The user partitions share the same domain. See Domain Planning.

>The user partitions use the same authentication method (PED or password).

>The CO has the required credentials on both user partitions.

>The capabilities and policies set on the source and target HSM and user partitions allow cloning. See HSM Capabilities and Policies and Partition Capabilities and Policies.

Changes introduced with firmware 7.7.0 (and newer)

You can update Luna Client software, and Luna HSM firmware, and Luna Network HSM Appliance software at different times, according to your needs.

When firmware is updated to version 7.7.0 or newer, some changes take place in the partitions and their contents, such that updated Client software is needed to make full use of the updated partitions and their contents. See What are "pre-firmware 7.7.0", and V0, and V1 partitions? for more detail on behaviors and constraints of the partition types.

>In HA groups, update the secondary members first and the primary member last.

>Older Client software continues to work with V0 partitions on Luna Network HSM.

>For PCIe HSM, you must use Client 10.3 or

>A newer Client is needed for V1 partitions when you want to use SKS or PKA.

Client software must be version 10.3 or newer to support SKS, and to work with V1 partitions and HA. See What are "pre-firmware 7.7.0", and V0, and V1 partitions? for more detail.
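The prerequisites above (shared domain, same authentication method, CO credentials on both partitions, cloning permitted by HSM and partition policy) and the Client 10.3 requirement for V1 partitions and SKS can be checked before anyone runs a clone or triggers an HA synchronization. The following pre-flight check is an added example, not Thales code or a Luna Client API: the `Partition` descriptor, its field names and the sample values are constructed for illustration, and the check only compares a domain label, never the cloning domain secret itself.

```python
from dataclasses import dataclass

# From the page: Client 10.3 or newer is required for V1 partitions and SKS.
MIN_CLIENT_FOR_V1 = (10, 3)


@dataclass(frozen=True)
class Partition:
    """Hypothetical descriptor of a user partition as an operator would record it."""
    name: str
    domain_label: str               # operator label for the cloning domain (not the secret)
    auth_method: str                # "PED" or "password"
    partition_type: str             # "pre-7.7.0", "V0" or "V1"
    co_has_credentials: bool        # the Crypto Officer can log in to this partition
    hsm_allows_cloning: bool        # HSM capability/policy permits cloning
    partition_allows_cloning: bool  # partition capability/policy permits cloning


def parse_version(version: str) -> tuple:
    """'10.3.0' -> (10, 3, 0); anything after a '-' (build tag) is ignored."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def clone_preflight(src: Partition, dst: Partition, client_version: str,
                    use_sks: bool = False) -> list:
    """Return human-readable findings that would block or endanger a clone.

    An empty list means every prerequisite on this page is satisfied. It is not a
    guarantee: per-object size mismatches (CKR_DATA_LEN_RANGE) only surface when
    the clone is actually attempted, so differing partition types are reported
    as a warning rather than a hard failure.
    """
    findings = []

    if src.domain_label != dst.domain_label:
        findings.append(f"domain mismatch: {src.name}={src.domain_label!r}, "
                        f"{dst.name}={dst.domain_label!r}")

    if src.auth_method != dst.auth_method:
        findings.append(f"authentication method mismatch: "
                        f"{src.auth_method} vs {dst.auth_method}")

    for part in (src, dst):
        if not part.co_has_credentials:
            findings.append(f"CO lacks credentials on {part.name}")
        if not part.hsm_allows_cloning:
            findings.append(f"HSM policy disallows cloning for {part.name}")
        if not part.partition_allows_cloning:
            findings.append(f"partition policy disallows cloning for {part.name}")

    if src.partition_type != dst.partition_type:
        findings.append(f"warning: partition types differ ({src.partition_type} vs "
                        f"{dst.partition_type}); check policy compatibility, the "
                        f"clone may fail with CKR_DATA_LEN_RANGE")

    v1_involved = "V1" in (src.partition_type, dst.partition_type)
    if (v1_involved or use_sks) and parse_version(client_version)[:2] < MIN_CLIENT_FOR_V1:
        needed = ".".join(str(n) for n in MIN_CLIENT_FOR_V1)
        findings.append(f"Client {client_version} too old: {needed} or newer "
                        f"required for V1 partitions and SKS")

    return findings


if __name__ == "__main__":
    # Constructed sample: two V1 partitions in the same domain, one policy gap.
    src = Partition("par-source", "prod-domain", "PED", "V1", True, True, True)
    dst = Partition("par-target", "prod-domain", "PED", "V1", True, True, False)
    for finding in clone_preflight(src, dst, "10.3.0") or ["no blocking findings"]:
        print(finding)
```

Run the check from whatever inventory you keep of partitions; a non-empty result is the reason to stop before running partition clone or letting HA synchronize, since the library will otherwise fail part-way through the sequence of per-partition actions.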

NOTE   The library attempts to perform the individual actions of a cloning operation in sequence on the respective partitions. If the policies and partition types on the source and target partitions are incompatible, the partition clone command (or an attempted HA synchronization) can fail with a message like CKR_DATA_LEN_RANGE while trying to clone. This can occur if a key object from the source partition is a different size than an equivalent object expected by the target.