hsm ped connect
Connect to a remote PED. This command instructs PedClient to attempt to connect to the Remote PED Server at the IP address and port specified on the command line, or configured using the hsm ped set command. See hsm ped set for more information.
Behavior when defaults are configured using hsm ped set
The hsm ped set command allows you to configure a default IP address and/or port for the Remote PED Server. These values are used if they are not specified when you issue the hsm ped connect command. The behavior of the hsm ped connect command when defaults are configured using hsm ped set is as follows:
| Values set with hsm ped set |
Parameters specified by hsm ped connect |
IP address used | Port used |
|---|---|---|---|
| IP address and port | None | IP address configured with hsm ped set. | Port configured with hsm ped set. |
| IP address | IP address specified by hsm ped connect | Port configured with hsm ped set. | |
| Port | IP address configured with hsm ped set. | Port specified by hsm ped connect | |
| IP address and port | IP address specified by hsm ped connect | Port specified by hsm ped connect | |
| IP address only | None | IP address configured with hsm ped set. | Port 1503 (default). |
| IP address | IP address specified by hsm ped connect | Port 1503 (default). | |
| Port | IP address configured with hsm ped set. | Port specified by hsm ped connect. | |
| IP address and port | IP address specified by hsm ped connect | Port specified by hsm ped connect. | |
| Port only | None | Error. You must use the -ip parameter to specify an IP address. | Port configured with hsm ped set. |
| IP address | IP address specified by hsm ped connect | Port configured with hsm ped set. | |
| Port | Error. You must use the -ip parameter to specify an IP address.. | Port specified by hsm ped connect | |
| IP address and port | IP address specified by hsm ped connect | Port specified by hsm ped connect |
Behavior when no defaults are configured using hsm ped set
If no defaults are configured using hsm ped set, you must specify at least an IP address. If no port is specified, the default port (1503) is used.
NOTE To set up or erase a Remote PED vector, or to make or break the Remote PED connection, on an HSM that is externally connected to the Luna Network HSM 7, use the "-serial" option to specify the target HSM. If "-serial" is not specified, then the command acts on the Luna Network HSM 7's internal HSM card.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
hsm ped connect [-ip <ip_address>] -password <optional_PIN> [-port <port>] [-serial <serial_num>] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -force | -f | Force the action without prompting. |
| -ip <ip_address> | -i | Specifies the IP Address of the remote Luna PED. |
| -password <optional_PIN> | -pa |
Used to set up a one-time password-protected secure channel between an uninitialized HSM and the Luna PED, allowing you to securely initialize the orange (Remote PED Vector) key. Include -password alone to use a randomly-generated one-time PIN, or you can specify your own 8-digit numeric pin using -password <optional_PIN>. See Remote RPV Initialization for more information. NOTE This option is available only if you are using Luna HSM Firmware 7.7.0 or newer and Luna HSM Client 10.3.0 or newer. Using older firmware, you are prompted to enter an 8-digit numeric PIN. |
| -port <port> | -po |
Network Port (0-65535). Default: 1503 |
| -serial <serial_num> | -s | Token Serial Number. |
Examples
Connecting to a remote PED on a Luna Network HSM 7 with zeroized HSM and non-initialized RPV
lunash:>hsm ped c -ip 172.20.9.24 Luna PED operation required to connect to Remote PED - use orange PED key(s). Luna PED operation required to connect to remote PED - Enter PED password: 37749794. Command Result : 0 (Success)
Connecting to a remote PED on a Luna Network HSM 7 with zeroized HSM, non-initialized RPV and provided manually defined password
lunash:>hsm ped c -ip 172.20.9.24 -password 12345678 Luna PED operation required to connect to Remote PED - use orange PED key(s). Luna PED operation required to connect to remote PED - Enter PED password: 12345678. Command Result : 0 (Success)
Connecting to a remote PED on a Luna Network HSM 7 with zeroized HSM, non-initialized RPV, and incorrect password was typed on PED
lunash:>hsm ped c -ip 172.20.9.24 Luna PED operation required to connect to Remote PED - use orange PED key(s). Luna PED operation required to connect to remote PED - Enter PED password: 58592536. Error connecting to remote PED with error code: LUNA_RET_PED_DEK_INVALID Error for 'hsm ped connect': 0X300146 (LUNA_RET_PED_DEK_INVALID) Failed to connect the remote PED Command Result : 65535 (Luna Shell execution)
Connecting to a remote PED on a Luna Network HSM 7 with zeroized HSM and initialized RPV
lunash:>hsm ped c -ip 172.20.9.24 Luna PED operation required to connect to Remote PED - use orange PED key(s). Command Result : 0 (Success)
Connecting to a remote PED on a Luna PED with zeroized HSM, initialized RPV and provided manual defined password:
lunash:>hsm ped c -ip 172.20.9.24 -password 12345678 Luna PED operation required to connect to Remote PED - use orange PED key(s). Warning: You provided "-password" option, but either the Remote PED Vector has already been initialized or HSM is not zeroized. "-password" option provided was ignored. Command Result : 0 (Success)
Using incorrect number of digits for “-password” option
lunash:>hsm ped c -ip 172.20.9.24 -password 1234 Syntax Error: password parameter 1234 for option -password is shorter than minimum length 8 Command Result : 22 (Invalid argument) Syntax: hsm ped connect [-ip <ipaddress>] [-port <port>] [-serial <serialnum>] [-force] Option(s) Short Parameter Description ..................................................................................... -ip -i <ipaddress> IP Address -port -po <port> Network Port (0-65535) -serial -s <serialnum> Token Serial Number -force -f . Force Action Setup a remote PED connection.
