ckdemo

NOTE   This is a general-purpose tool intended for use across Luna HSM versions. It might reference mechanisms and features that are not available on all Luna products.

The ckdemo utility is a simple console-based tool that provides a menu of functions that perform operations based on the PKCS#11 API. The options/operations are generally low-level, atomic commands that would need to be combined to perform useful actions. The purpose of ckdemo is to allow you to become familiar with the low-level building-block commands and combinations that you would then program into your application, using the Software Development Kit and API.

Accessing ckdemo

The ckdemo utility is included with the Luna HSM Client.

NOTE   As a general rule, you would need to open a session (option 1) and log in (option 3) before using further ckdemo options.

To access ckdemo from a Linux client:

1. Go to the Luna HSM Client binary directory.

cd /usr/safenet/lunaclient/bin

2. Launch the ckdemo utility.

./ckdemo

To access ckdemo from a Windows client:

1. Navigate to the Luna HSM Client installation folder (C:\Program Files\SafeNet\LunaClient).

2. Double-click on ckdemo to open a console window with the ckdemo interface.

Using the Menu

When you launch the ckdemo utility, the menu provides access to functions organized by category.

To execute functions listed in the menu, type the number of the function and press Enter. You will be prompted to provide additional parameters as required. Since most commands represent multiple HSM functions, you may need to use more than one command to accomplish a task. For example, many commands require that you first open a session on a token slot or HSM partition (function 1). Others require that you first log in to the HSM or partition (function 3).

Authentication or initialization functions may require the Luna PED. If the Luna PED is connected and ready when a command is issued, it prompts the user for the appropriate action. Otherwise, the command times out. If you do not provide the requested PED key or keypad input, the Luna PED times out and returns an error to the calling application (in this case, ckdemo).

The ckdemo functions are described in the following sections:

>AUDIT/LOG Menu Functions

>CA Menu Functions

>CLUSTER EXECUTION Menu Functions

>HIGH AVAILABILITY RECOVERY Menu Functions

>KEY Menu Functions

>OBJECT MANAGEMENT Menu Functions

>OFFBOARD KEY STORAGE Menu Functions

>OTHERS Menu Functions

>PED INFO Menu Functions

>POLICY Menu Functions

>SCRIPT EXECUTION Menu Functions

>SECURITY Menu Functions

>SRK Menu Functions

>TOKEN Menu Functions

>KEY AUTHORIZATION Menu Functions  

Example

TOKEN:
    ( 1) Open Session  ( 2) Close Session  ( 3) Login
    ( 4) Logout        ( 5) Change PIN     ( 6) Init Token
    ( 7) Init Pin      ( 8) Mechanism List ( 9) Mechanism Info
    (10) Get Info      (11) Slot Info      (12) Token Info
    (13) Session Info  (14) Get Slot List  (15) Wait for Slot Event
    (16) Token Status  (18) Factory Reset  (19) CloneMofN
    (33) Token Insert  (34) Token Delete
    (36) Show Roles    (37) Show Role Configuration Policies
    (38) Show Role State   (39) Get OUID
    (58) HSM Zeroize       (59) Token Zeroize
OBJECT MANAGEMENT:
    (20) Create object (21) Copy object    (22) Destroy object
    (23) Object size   (24) Get attribute  (25) Set attribute
                       (26) Find object    (27) Display Object
    (30) Modify Usage Count         (31) Destroy Multiple Objects
    (32) Extract Public Key
SECURITY:
    (40)  Encrypt file (41) Decrypt file   (42)  Sign
    (43)  Verify       (44) Hash file      (45)  Simple Generate Key
                                           (46)  Digest Key
HIGH AVAILABILITY RECOVERY:
    (50) HA Init       (51) HA Login     (52) HA Status
KEY:
    (60) Wrap key      (61) Unwrap key     (62) Generate random number
    (63) Derive Key    (64) PBE Key Gen    (65) Create known keys
    (66) Seed RNG      (67) EC User Defined Curves
CA:
    (70) Set Domain    (71) Clone Key      (72) Set MofN
    (73) Generate MofN (74) Activate MofN  (75) Generate Token Keys
    (76) Get Token Cert Info               (77) Sign Token Cert
    (78) Generate CertCo Cert              (79) Modify MofN
    (86) Dup. MofN Keys                    (87) Deactivate MofN
    (88) Get Token Certificates            (112) Set Legacy Cloning Domain
OTHERS:
    (90) Self Test
    (94) Open Access    (95) Close Access
    (97) Set App ID     (98) Options      
OFFBOARD KEY STORAGE:
   (101) Extract Masked Object            (102) Insert Masked Object
   (103) Multisign With Value             (104) Clone Object
   (105) SIMExtract                       (106) SIMInsert
   (107) SimMultiSign                     (118) Extract Object
                                          (119) Insert Object
SCRIPT EXECUTION:
   (108) Execute Script                   (109) Execute Asynchronous Script
                                          (110) Execute Single Part Script
CLUSTER EXECUTION:
   (111) Get Cluster State
   (113) Lock Clustered Slot              (114) Unlock Clustered Slot
PED INFO:
   (120) Set Ped Info   (121) Get Ped Info (122) Init RPV
   (123) Delete RPV
AUDIT/LOG:
   (130) Get Config     (131) Set Config   (132) Verify logs
   (133) Get Time       (134) Set Time     (135) Import Secret
   (136) Export Secret  (137) Init Audit   (138) Get Status
   (139) Log External
SRK:
   (200) SRK Get State  (201) SRK Restore  (202) SRK Resplit
   (203) SRK Zeroize    (204) SRK Enable/Disable

KEY AUTHORIZATION  
   (210) Authorize Key               (211) Set Authorization Data
   (212) ReSet Authorization Data    (213) Assign Key  

POLICY:
   (53) Show Partition Policies     (54) Set Partition Policies
   (55) Show HSM Policies (56) Set HSM Policies (57) Set Destructive HSM Policies

(TITLE) menu titles, (99 or FULL) Full Help, (NONE) No help, (0 or EXIT) Quit

Enter your choice :