CA Menu Functions
The CA menu provides the following functions:
| # | Function | Description |
|---|---|---|
| (70) | Set Domain | (Not for Luna Network HSM) This option prompts for a text string and sets the token cloning domain name to that value. To clone a key between two Luna CA3 tokens (historical products, no longer available), both tokens must share the same red PED key. |
| (71) | Clone Key | (Not for Luna Network HSM) This option allows you to clone a key from one Luna RA token to another (or from one Luna CA3 token to another; historical products, no longer available). Both tokens must have the same cloning domain name (or red PED key). Both tokens must have an open, logged-on session active. |
| (72) | Set MofN | (Not for Luna Network HSM) If you have a Luna CA3 token (historical products, no longer available) that supports MofN authentication, this option allows you to turn on the MofN token feature. This option alone does nothing to the token; instead, it sets a flag specifying that the next token to be initialized should have its MofN feature turned on (assuming that the token supports it). |
| (73) | Generate MofN | (Not for Luna Network HSM) This option allows you to generate MofN authentication splits, or secret shares. You can generate up to 16 shares (N), and you can specify how many of these shares are needed (M) in order to activate the token (up to 16). |
| (74) | Activate MofN | (Not for Luna Network HSM) This option allows you to authenticate yourself to the token using the MofN secret shares generated by option (73) Generate MofN. You must activate MofN on a token on which MofN has been generated; otherwise, you cannot perform any cryptographic operations with the token. |
| (75) | Generate Token Keys | (Not for Luna Network HSM) Some tokens can support customer-loaded certificates used for key cloning. If your token supports this feature, and you wish to use your own key cloning certificates (rather than the default certificates provided by Thales), the first step is to generate token keys. NOTE: If you do this, you cannot clone to any other Luna CA tokens except those containing your own certificate. |
| (76) | Get Token Cert | (Not for Luna Network HSM) This option is the next step in loading your own key cloning certificate onto the token. It is performed after option (75) Generate Token Keys. |
| (77) | Sign Token Cert | (Not for Luna Network HSM) This option is the final step in loading a customer key cloning certificate onto the token. It is performed after options (75) Generate Token Keys and (76) Get Token Cert. |
| (78) | Generate CertCo Cert | (Not for Luna Network HSM) Generates a special-purpose certificate for the CertCo application. |
| (79) | Modify MofN | (Not for Luna Network HSM) Modifies the secret splitting vector on a token. |
| (86) | Duplicate MofN Keys | (Not for Luna Network HSM) Creates duplicates (copies) of all MofN secret splits. |
| (87) | Deactivate MofN | Decaches the MofN data. |
| (88) | Get Token Certificates | Extracts one of the following certificates from the HSM. You must supply the type and filename of the certificate you want to extract: Root certificate; Hardware origin certificate; ECC hardware origin certificate; TWC (token wrapping certificate) version 1, 2, or 3; CITS device authentication certificate. |
| (112) | Set Legacy Cloning Domain | This option associates the legacy cloning domain, from a legacy token, with the modern cloning domain attached to a current-model Luna HSM, to allow migration of token objects from legacy HSMs. |