Name, Label, and Password Requirements

This page describes length and character requirements for setting names, labels, domains, passwords, and challenge secrets on the Luna Network HSM 7. This information can also be found in relevant sections throughout the documentation. Refer to the applicable section below:

>Custom Appliance User Accounts

>Custom Appliance Roles

>Appliance User Passwords

>HSM Labels

>Cloning Domains

>Partition Names

>Partition Labels

>HSM/Partition Role Passwords or Challenge Secrets

Custom Appliance User Accounts

LunaSH user names can be 1-32 characters in length, chosen from letters a-z, or A-Z, numbers 0-9, the dash, the dot, or the underscore:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._

No spaces are allowed. User names cannot begin with a dot, dash, or number. As with any secure system, no two users (regardless of role) can have the same name.

Custom Appliance Roles

LunaSH role names can be 1-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

No spaces are allowed. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.

Appliance User Passwords

With Luna Appliance Software 7.9.0 or newer, LunaSH passwords must be at least eight characters in length and include characters from each of the following four categories (previous versions require characters from three of the categories):

>  lowercase alphabetic: abcdefghijklmnopqrstuvwxyz

>  uppercase alphabetic: ABCDEFGHIJKLMNOPQRSTUVWXYZ

>  numeric: 0123456789

>  special (spaces allowed):  !@#$%^&*()-_=+[]{}\|/;:'",.<>?`~

HSM Labels

The HSM label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. Only alphanumeric characters and the underscore are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_

Cloning Domains

The domain string must be 1-128 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*-_=+[]{}()/:',.~

The following characters are problematic or invalid and must not be used in a domain string: "&;<>?\`|

Spaces are allowed, as long as the leading character is not a space; to specify a domain string with spaces using the -domain option, enclose the string in double quotation marks.

For password-authenticated HSMs, the domain string should match the complexity of the partition password.

Partition Names

Partition names created in LunaSH must be 1-32 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789!@#$%^*()-_=+{}[]:',./~

Spaces are allowed; enclose the partition name in double quotes if it includes spaces.

The following characters are not allowed: &\|;<>`"?

No two partitions can have the same name.

Partition Labels

In LunaSH, the partition label created during initialization must be 1-32 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~

Spaces are allowed; enclose the label in double quotation marks if it includes spaces.

In LunaCM, the partition label created during initialization must be 1-32 characters in length. If you specify a longer label, it will automatically be truncated to 32 characters. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>`~

Spaces are allowed; enclose the label in double quotation marks if it includes spaces.

HSM/Partition Role Passwords or Challenge Secrets

Passwords and activation challenge secrets must be 8-255 characters in length. Spaces are allowed; to specify a password with spaces using command-line options, enclose the password in double quotation marks. The space character may not be used as the first character in a password.

The following characters are allowed:

!#$%'()*+,-./0123456789:=? @ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~

This character set is enforced when using Luna Appliance Software 7.9.0 or Luna HSM Client 10.8.0 or newer, and recommended for all previous versions. Previously-set passwords and challenge secrets are unaffected, but the new character set is enforced when these passwords are changed.
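The rules above can be checked before a value is ever sent to the appliance, for example in provisioning automation. The following is an added example, not code from the Luna documentation or tooling; the names `RULES`, `check`, and `check_appliance_password` are hypothetical, and the partition label entry uses the LunaSH character set.

```python
import string

# Added example: every name here is this example's own, not a Luna API.
ALNUM = string.ascii_letters + string.digits

# kind: (min length, max length, allowed characters, forbidden first characters)
RULES = {
    "user_name":       (1, 32,  ALNUM + "-._", "-." + string.digits),
    "role_name":       (1, 255, ALNUM + "_", ""),
    "hsm_label":       (1, 32,  ALNUM + "_", ""),  # longer labels are truncated
    "domain":          (1, 128, ALNUM + " !@#$%^*-_=+[]{}()/:',.~", " "),
    "partition_name":  (1, 32,  ALNUM + " !@#$%^*()-_=+{}[]:',./~", ""),
    "partition_label": (1, 32,  ALNUM + " !@#$%^*()-_=+[]{}/:',.~", ""),  # LunaSH set
    "role_password":   (8, 255, ALNUM + " !#$%'()*+,-./:=?@[]^_{}~", " "),
}

def check(kind, value):
    """Return a list of rule violations; an empty list means the value passes."""
    lo, hi, allowed, bad_first = RULES[kind]
    problems = []
    if not lo <= len(value) <= hi:
        problems.append(f"length {len(value)} outside {lo}-{hi}")
    rejected = sorted(set(value) - set(allowed))
    if rejected:
        problems.append("disallowed characters: " + " ".join(map(repr, rejected)))
    if value and value[0] in bad_first:
        problems.append(f"must not start with {value[0]!r}")
    return problems

SPECIAL = " !@#$%^&*()-_=+[]{}\\|/;:'\",.<>?`~"

def check_appliance_password(pw, required_categories=4):
    """LunaSH user password: 8+ chars; 4 categories on 7.9.0+, 3 on earlier."""
    groups = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIAL)
    present = sum(any(c in g for c in pw) for g in groups)
    problems = []
    if len(pw) < 8:
        problems.append(f"length {len(pw)} below 8")
    if present < required_categories:
        problems.append(f"only {present} of {required_categories} required categories")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real names or secrets.
    for kind, value in [("user_name", "9ops"), ("domain", "prod;dr"), ("role_password", "Tr0ub4dor&3x")]:
        print(kind, repr(value), check(kind, value) or "ok")
```

The violation messages name the offending characters, so keep them out of logs when the value being checked is a password or challenge secret.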