CKdemo
NOTE This is a general-purpose tool intended for use across Luna HSM versions. It might reference mechanisms and features that are not available on all Luna products.
The CKdemo utility is a simple console-based tool that provides a menu of functions that perform operations based on the PKCS#11 API. The options/operations are generally low-level, atomic commands that must be combined to perform useful actions. The purpose of CKdemo is to let you become familiar with the low-level building-block commands and combinations that you would then program into your application, using the Software Development Kit and API.
Accessing ckdemo
The CKdemo utility is included with the Luna HSM Client.
NOTE As a general rule, you would need to
1. open a session (option 1)
2. log in (option 3)
before using further CKdemo options.
To access CKdemo from a Linux client:
1. Go to the Luna HSM Client binary directory.
cd /usr/safenet/lunaclient/bin
2. Launch the ckdemo utility.
./ckdemo
To access CKdemo from a Windows client:
1. Navigate to the Luna HSM Client installation folder (C:\Program Files\SafeNet\LunaClient).
2. Double-click on CKdemo to open a console window with the ckdemo interface.
Using the Menu
When you launch the ckdemo utility, the menu provides access to functions organized by category.
To execute functions listed in the menu, type the number of the function and press Enter. You will be prompted to provide additional parameters as required. Since most commands represent multiple HSM functions, you may need to use more than one command to accomplish a task. For example, many commands require that you first open a session on a token slot or HSM partition (function 1). Others require that you first log in to the HSM or partition (function 3).
Authentication or initialization functions may require the Luna PED. If the Luna PED is connected and ready when a command is issued, it prompts the user for the appropriate action. Otherwise, the command times out. If you do not provide the requested PED key or keypad input, the Luna PED times out and returns an error to the calling application (in this case, ckdemo).
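The open-session and login prerequisite described above, written as the PKCS#11 calls an application would make. This is an added example, not code from the Luna SDK or from ckdemo. It assumes the standard C_* functions are what menu options 1, 3, 62, 4 and 2 correspond to; the library path, slot number and PIN are supplied by the caller.

```python
import ctypes
from ctypes import byref, c_ulong, c_void_p, create_string_buffer

# Values defined by the PKCS#11 standard headers.
CKR_OK = 0x00
CKF_RW_SESSION, CKF_SERIAL_SESSION = 0x02, 0x04
CKU_USER = 1


class Pkcs11Error(Exception):
    def __init__(self, func, rv):
        super().__init__(f"{func} returned 0x{rv:08X}")
        self.func, self.rv = func, rv


def _call(lib, name, argtypes, *args, check=True):
    """Invoke one C_* entry point; raise on any return value except CKR_OK."""
    fn = getattr(lib, name)
    fn.restype, fn.argtypes = c_ulong, argtypes
    rv = fn(*args)
    if check and rv != CKR_OK:
        raise Pkcs11Error(name, rv)
    return rv


def hsm_random(lib, slot, pin, nbytes=16):
    """Return nbytes of random data from the token, then undo every step taken.

    lib is an already loaded PKCS#11 library, e.g. ctypes.CDLL(path), where
    path is a placeholder for your client's library; pin is a bytes object.
    """
    session = c_ulong()
    buf = create_string_buffer(nbytes)
    _call(lib, "C_Initialize", [c_void_p], None)
    try:
        # Menu option 1 (Open Session): nothing else works without a handle.
        _call(lib, "C_OpenSession", [c_ulong, c_ulong, c_void_p, c_void_p, c_void_p],
              slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, None, None, byref(session))
        try:
            # Menu option 3 (Login): required before private operations.
            _call(lib, "C_Login", [c_ulong, c_ulong, c_void_p, c_ulong],
                  session.value, CKU_USER, pin, len(pin))
            try:
                # Menu option 62 (Generate random number).
                _call(lib, "C_GenerateRandom", [c_ulong, c_void_p, c_ulong],
                      session.value, buf, nbytes)
            finally:  # Menu option 4 (Logout), only reached after a good login.
                _call(lib, "C_Logout", [c_ulong], session.value, check=False)
        finally:  # Menu option 2 (Close Session), even when login failed.
            _call(lib, "C_CloseSession", [c_ulong], session.value, check=False)
    finally:
        _call(lib, "C_Finalize", [c_void_p], None, check=False)
    return buf.raw
```

A failed login raises Pkcs11Error carrying the CKR_* value, and the session is still closed and the library finalized, so a bad PIN does not leave a session open on the partition.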
The ckdemo functions are described in the following sections:
>CLUSTER EXECUTION Menu Functions
>HIGH AVAILABILITY RECOVERY Menu Functions
>OBJECT MANAGEMENT Menu Functions
>OFFBOARD KEY STORAGE Menu Functions
>SCRIPT EXECUTION Menu Functions
>KEY AUTHORIZATION Menu Functions
Example
TOKEN:
( 1) Open Session ( 2) Close Session ( 3) Login
( 4) Logout ( 5) Change PIN ( 6) Init Token
( 7) Init Pin ( 8) Mechanism List ( 9) Mechanism Info
(10) Get Info (11) Slot Info (12) Token Info
(13) Session Info (14) Get Slot List (15) Wait for Slot Event
(16) Token Status (17) SessionCancel (18) Factory Reset
(19) CloneMofN (33) Token Insert (34) Token Delete
(36) Show Roles (37) Show Role Configuration Policies
(38) Show Role State (39) Get OUID (140) Get Handle
(58) HSM Zeroize (59) Token Zeroize (160) Show License List
(161) QueryLicense (162) HSM Stats (163) LogoutOther

OBJECT MANAGEMENT:
(20) Create object (21) Copy object (22) Destroy object
(23) Object size (24) Get attribute (25) Set attribute
(26) Find object (27) Display Object (30) Modify Usage Count
(31) Destroy Multiple Objects (32) Extract Public Key (35) Import Public Key

SECURITY:
(40) Encrypt file (41) Decrypt file (42) Sign
(43) Verify (44) Hash file (45) Simple Generate Key
(46) Digest Key

HIGH AVAILABILITY RECOVERY :
(49) HA Current Status (50) HA Recovery Init
(51) HA Recovery Login (52) HA Group Status

POLICY:
(53) Show Partition Policies (54) Set Partition Policies
(55) Show HSM Policies (56) Set HSM Policies
(57) Set Destructive HSM Policies

KEY:
(60) Wrap key (61) Unwrap key (62) Generate random number
(63) Derive Key (64) PBE Key Gen (65) Create known keys
(66) Seed RNG (67) EC User Defined Curves (68) SM2 User Defined Curves
(69) Translate key

CA:
(70) Set Domain (71) Clone Key (72) Set MofN
(73) Generate MofN (74) Activate MofN (75) Generate Token Keys
(77) Sign Token Cert (78) Generate CertCo Cert (79) Modify MofN
(85) Put HSM Data/Parameter (86) Dup. MofN Keys (87) Deactivate MofN
(88) Get Token Certificates (89) Get HSM Data/Parameter
(112) Set Legacy Cloning Domain

OTHERS:
(90) Self Test (92) Get App ID (93) Utilization Metrics
(94) Open Access (95) Close Access (97) Set App ID
(98) Options

OFFBOARD KEY STORAGE:
(101) Extract Masked Object (102) Insert Masked Object
(103) Multisign With Value (104) Clone Object
(105) SIMExtract (106) SIMInsert (107) SimMultiSign
(108) SMKRollover (109) CPv4 MigrateKeys
(118) Extract Object (119) Insert Object

CLUSTER EXECUTION:
(111) Get Cluster State (113) Lock Clustered Slot (114) Unlock Clustered Slot

PED INFO:
(120) Set Ped Info (121) Get Ped Info
(122) Init RPV (123) Delete RPV

AUDIT/LOG:
(130) Get Config (131) Set Config (132) Verify logs
(133) Get Time (134) Set Time (135) Import Secret
(136) Export Secret (137) Init Audit (138) Get Status
(139) Log External

SRK:
(200) SRK Get State (201) SRK Restore (202) SRK Resplit
(203) SRK Zeroize (204) SRK Enable/Disable

Per Key Authorization:
(210) Authorize Key (211) Set Authorization Data
(212) Reset Authorization Data (213) Assign Key
(214) Increment Failed Auth Count

Cloning API:
(215) CloneAsSourceInit (216) CloneAsTargetInit
(217) CloneAsSource (218) CloneAsTarget
(219) CPv4 MigrateKeys (220) CPv4 Negotiate Session
(221) CPv4 Close Session

IS6 Migration:
(300) Set IS6 Domain (301) Insert IS6 Group Part
(302) Insert IS6 Member Part (303) Insert IS6 Key

(TITLE) menu titles, (99 or FULL) Full Help, (NONE) No help, (0 or EXIT) Quit

Status: Doing great, no errors (CKR_OK)

Enter your choice : :