Key Cloning
You can clone key material between partitions to back up the keys, or to migrate the keys from one HSM to another. The rules, prerequisites, and procedures for migrating your key material are described in the following topics:
>Cloning Objects to Another Application Partition
>Cloning Keys Between Luna 6, Luna 7, and Luna Cloud HSM
Overview and Key Concepts
A Crypto Officer can clone the cryptographic objects (keys) from one user partition to another user partition provided that:
>The user partitions share the same domain. See Domain Planning.
>The user partitions use the same authentication method (PED or password).
>The CO has the required credentials on both user partitions.
>The capabilities and policies set on the source and target HSM and user partitions allow cloning. See
Changes introduced with firmware 7.7.0 (and newer)
You can update Luna Client software, and Luna HSM firmware
When firmware is updated to version 7.7.0 or newer, some changes take place in the partitions and their contents, such that updated Client software is needed to make full use of the updated partitions and their contents. See What are "pre-firmware 7.7.0", and V0, and V1 partitions? for more detail on behaviors and constraints of the partition types.
In HA groups update the secondary members first, and then the primary member last.
Older client will continue to work with V0 partition for Network HSM.
For PCIe must use Client 10.3 or
Need newer client for V1 partitions when you want to use SKS or PKA.
•Client software must be version 10.3 or newer to support SKS, to work with V1 partitions and HA.See What are "pre-firmware 7.7.0", and V0, and V1 partitions? for more detail.
NOTE The library attempts to perform the individual actions of a cloning operation in sequence on the respective partitions. If the policies and partition types on the source and target partitions are incompatible, the partition clone command (or an attempted HA synchronization) can fail with a message like CKR_DATA_LEN_RANGE while trying to clone. This can occur if a key object from the source partition is a different size than an equivalent object expected by the target.