CKdemo

NOTE   This is a general-purpose tool intended for use across Luna HSM versions. It might reference mechanisms and features that are not available on all Luna products.

The CKdemo utility is a simple console-based tool that provides a menu of functions that perform operations based on the PKCS#11 API. The options/operations are generally low-level, atomic commands, that would need to be combined to perform useful actions. The purpose of CKdemo is to allow you to become familiar with the low-level building-block commands and combinations that you would then program into your application, using the Software Development Kit and API.

Accessing ckdemo

The CKdemo utility is included with the Luna HSM Client.

NOTE   As a general rule, you would need to

1.open a session (option 1)

2.log in (option 3)

before using further CKdemo options.

To access CKdemo from a Linux client:

1.Go to the Luna HSM Client binary directory.

cd /usr/safenet/lunaclient/bin

2.Launch the ckdemo utility.

./ckdemo

To access CKdemo from a Windows client:

1.Navigate to the Luna HSM Client installation folder (C:\Program Files\SafeNet\LunaClient).

2.Double-click on CKdemo to open a console window with the ckdemo interface.

Using the Menu

When you launch the ckdemo utility, the menu provides access to functions organized by category.

To execute functions listed in the menu, type the number of the function and press Enter. You will be prompted to provide additional parameters as required. Since most commands represent multiple HSM functions, you may need to use more than one command to accomplish a task. For example, many commands require that you first open a session on a token slot or HSM partition (function 1). Others require that you first login to the HSM or partition (function 3).

Authentication or initialization functions may require the Luna PED. If the Luna PED is connected and ready when a command is issued, it prompts the user for the appropriate action. Otherwise, the command times out. If you do not provide the requested PED key or keypad input, the Luna PED times out and returns an error to the calling application (in this case, ckdemo).

The ckdemo functions are described in the following sections:

>AUDIT/LOG Menu Functions

>CA Menu Functions

>CLUSTER EXECUTION Menu Functions

>HIGH AVAILABILITY RECOVERY Menu Functions

>KEY Menu Functions

>OBJECT MANAGEMENT Menu Functions

>OFFBOARD KEY STORAGE Menu Functions

>OTHERS Menu Functions

>PED INFO Menu Functions

>POLICY Menu Functions

>SCRIPT EXECUTION Menu Functions

>SECURITY Menu Functions

>SRK Menu Functions

>TOKEN Menu Functions

>KEY AUTHORIZATION Menu Functions

Example

TOKEN:
    ( 1) Open Session  ( 2) Close Session  ( 3) Login
    ( 4) Logout        ( 5) Change PIN     ( 6) Init Token
    ( 7) Init Pin      ( 8) Mechanism List ( 9) Mechanism Info
    (10) Get Info      (11) Slot Info      (12) Token Info
    (13) Session Info  (14) Get Slot List  (15) Wait for Slot Event
    (16) Token Status  (17) SessionCancel  (18) Factory Reset
    (19) CloneMofN     (33) Token Insert   (34) Token Delete
    (36) Show Roles    (37) Show Role Configuration Policies
    (38) Show Role State   (39) Get OUID   (140) Get Handle
    (58) HSM Zeroize       (59) Token Zeroize
    (160) Show License List   (161) QueryLicense   (162) HSM Stats
    (163) LogoutOther
OBJECT MANAGEMENT:
    (20) Create object (21) Copy object    (22) Destroy object
    (23) Object size   (24) Get attribute  (25) Set attribute
                       (26) Find object    (27) Display Object
    (30) Modify Usage Count         (31) Destroy Multiple Objects
    (32) Extract Public Key         (35) Import Public Key
SECURITY:
    (40) Encrypt file  (41) Decrypt file   (42) Sign
    (43) Verify        (44) Hash file      (45) Simple Generate Key
    (46) Digest Key
HIGH AVAILABILITY RECOVERY :
    (49) HA Current Status       (50) HA Recovery Init       (51) HA Recovery Login
    (52) HA Group Status
POLICY:
   (53) Show Partition Policies     (54) Set Partition Policies
   (55) Show HSM Policies (56) Set HSM Policies (57) Set Destructive HSM Policies
KEY:
    (60) Wrap key      (61) Unwrap key     (62) Generate random number
    (63) Derive Key    (64) PBE Key Gen    (65) Create known keys
    (66) Seed RNG      (67) EC User Defined Curves
    (68) SM2 User Defined Curves
    (69) Translate key
CA:
    (70) Set Domain    (71) Clone Key      (72) Set MofN
    (73) Generate MofN (74) Activate MofN  (75) Generate Token Keys
                                           (77) Sign Token Cert
    (78) Generate CertCo Cert              (79) Modify MofN
    (85) Put HSM Data/Parameter
    (86) Dup. MofN Keys                    (87) Deactivate MofN
    (88) Get Token Certificates            (89) Get HSM Data/Parameter
    (112) Set Legacy Cloning Domain
OTHERS:
    (90) Self Test
    (92) Get App ID
    (93) Utilization Metrics
    (94) Open Access    (95) Close Access
    (97) Set App ID     (98) Options
OFFBOARD KEY STORAGE:
   (101) Extract Masked Object            (102) Insert Masked Object
   (103) Multisign With Value             (104) Clone Object
   (105) SIMExtract                       (106) SIMInsert
   (107) SimMultiSign                     (108) SMKRollover
   (109) CPv4 MigrateKeys
   (118) Extract Object                   (119) Insert Object
CLUSTER EXECUTION:
   (111) Get Cluster State
   (113) Lock Clustered Slot              (114) Unlock Clustered Slot
PED INFO:
   (120) Set Ped Info   (121) Get Ped Info (122) Init RPV
   (123) Delete RPV
AUDIT/LOG:
   (130) Get Config     (131) Set Config   (132) Verify logs
   (133) Get Time       (134) Set Time     (135) Import Secret
   (136) Export Secret  (137) Init Audit   (138) Get Status
   (139) Log External
SRK:
   (200) SRK Get State  (201) SRK Restore  (202) SRK Resplit
   (203) SRK Zeroize    (204) SRK Enable/Disable
Per Key Authorization:
    (210) Authorize Key              (211) Set Authorization Data
    (212) Reset Authorization Data   (213) Assign Key
    (214) Increment Failed Auth Count
Cloning API:
    (215) CloneAsSourceInit          (216) CloneAsTargetInit
    (217) CloneAsSource              (218) CloneAsTarget
    (219) CPv4 MigrateKeys           (220) CPv4 Negotiate Session
    (221) CPv4 Close Session
IS6 Migration:
    (300) Set IS6 Domain             (301) Insert IS6 Group Part
    (302) Insert IS6 Member Part     (303) Insert IS6 Key

(TITLE) menu titles, (99 or FULL) Full Help, (NONE) No help, (0 or EXIT) Quit


Status: Doing great, no errors (CKR_OK)
Enter your choice : :