Name, Label, and Password Requirements

This page describes length and character requirements for setting names, labels, domains, passwords, and challenge secrets on the Luna Network HSM 7. This information can also be found in relevant sections throughout the documentation. Refer to the applicable section below:

>Custom Appliance User Accounts

>Custom Appliance Roles

>Appliance User Passwords

>HSM Labels

>Cloning Domains

>Partition Names

>Partition Labels

>HSM/Partition Role Passwords or Challenge Secrets

Custom Appliance User Accounts

LunaSH user names can be 1-32 characters in length, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._

No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.

Custom Appliance Roles

LunaSH role names can be 1-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

No spaces are allowed. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.

Appliance User Passwords

LunaSH passwords must be at least eight characters in length, and include characters from at least three of the following four groups:

> lowercase alphabetic: abcdefghijklmnopqrstuvwxyz

> uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ

> numeric: 0123456789

> special (spaces allowed):  !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~

HSM Labels

The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. Only alphanumeric characters and the underscore are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

Cloning Domains

The domain string must be 1-128 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*-_=+[]{}/:',.~

The following characters are problematic or invalid and must not be used in a domain string: "&;<>\`|()

Spaces are allowed, as long as the leading character is not a space; to specify a domain string with spaces using the -domain option, enclose the string in double quotation marks.

For password-authenticated HSMs, the domain string should match the complexity of the partition password.

Partition Names

Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:',./~

Spaces are allowed; enclose the partition name in double quotes if it includes spaces.

The following characters are not allowed: &\|;<>`"?

No two partitions can have the same name.

Partition Labels

In LunaSH, the partition label created during initialization must be 1-32 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~

Spaces are allowed; enclose the label in double quotation marks if it includes spaces.

In LunaCM, the partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>`~

Spaces are allowed; enclose the label in double quotation marks if it includes spaces.

HSM/Partition Role Passwords or Challenge Secrets

In LunaSH, HSM role passwords must be 8-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~

The following characters are invalid or problematic and must not be used within passwords: "&;<>\`|

Spaces are allowed; to specify a password with spaces, enclose the password in double quotation marks.

In LunaCM, passwords and activation challenge secrets must be 8-255 characters in length (NOTE: If you are using firmware version 7.0.x, 7.3.3, or 7.4.2, activation challenge secrets must be 7-16 characters in length). The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used within passwords.

Spaces are allowed; to specify a password with spaces using the -password or -newpw option of a command, enclose the password in double quotation marks.
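
The LunaSH and LunaCM character sets for role passwords differ, so a secret set in LunaCM can be one that LunaSH rejects. The following pre-flight check is an added example, not Thales code: the function names are hypothetical, the character sets are copied from the sections above, and anything outside an allowed set is treated as rejected.

```python
import string

ALNUM = string.ascii_letters + string.digits
# Allowed sets copied from "HSM/Partition Role Passwords or Challenge Secrets".
LUNASH_ROLE = set(ALNUM + " !@#$%^*()-_=+[]{}/:',.~")
LUNACM_ROLE = set(ALNUM + " !@#$%^&*()-_=+[]{}\\|/;:',.<>?`~")
# Special group from "Appliance User Passwords" (space included).
APPLIANCE_SPECIAL = set(" !@#$%^&*()-_=+[]{}\\|/;:'\",.<>?`~")


def role_password_problems(secret, tool, min_len=8, max_len=255):
    """Return a list of rule violations; empty means acceptable for `tool`.

    tool is "lunash" or "lunacm". For LunaCM activation challenge secrets on
    firmware 7.0.x, 7.3.3 or 7.4.2, call with min_len=7, max_len=16.
    """
    allowed = {"lunash": LUNASH_ROLE, "lunacm": LUNACM_ROLE}[tool]
    problems = []
    if not min_len <= len(secret) <= max_len:
        problems.append(f"length {len(secret)} outside {min_len}-{max_len}")
    bad = sorted(set(secret) - allowed)
    if bad:
        # Name only the offending characters so the secret is never logged.
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def portable_role_password(secret):
    """True when both the LunaSH and the LunaCM rules accept the secret."""
    return not any(role_password_problems(secret, t) for t in ("lunash", "lunacm"))


def appliance_password_ok(pw):
    """LunaSH appliance user rule: 8+ characters, 3 of the 4 character groups."""
    groups = [
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.digits for c in pw),
        any(c in APPLIANCE_SPECIAL for c in pw),
    ]
    return len(pw) >= 8 and sum(groups) >= 3


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for s in ("Correct Horse-42", "Pipe|and&semi;1", "short1!"):
        print(repr(s), role_password_problems(s, "lunash"),
              role_password_problems(s, "lunacm"), appliance_password_ok(s))
```
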