Luna HSM Client 7.0.0
Luna HSM Client 7.0.0 was released in June 2017.
New Features and Enhancements
Luna HSM Client 7.0.0 includes the following new features and enhancements:
Partition Security Officer
All application partitions now have a Partition Security Officer (PO) role that is completely distinct from the HSM Security Officer (HSM SO) role. In this security model, the HSM SO is responsible only for initializing the HSM, setting HSM-level security policies, and creating and deleting partitions. After creating the partitions, the HSM SO has no access to the contents of the partitions. Partitions are owned by the PO, who is responsible for initializing the partition, setting the partition-level security policies and initializing the cryptographic roles on the partition. This model permits a complete separation of roles on the HSM.
See Partition Roles.
Best-in-Class Performance
Luna PCIe HSM 7 provides cryptographic performance that is 10x faster than the release 5.x and 6.x Luna HSMs.
Industry-Leading Security
Luna PCIe HSM 7 provides enhanced environmental failure protection and tamper resistance.
Improved Random Number Generation
The performance of Luna PCIe HSM 7's AES-256 CTR DRBG random number generation is significantly increased from previous versions. The RNG is fully compliant with the latest entropy standards:
>SP800-90B
>SP800-90C
>BSI DRG.4
New Cryptographic Mechanism Support
Luna PCIe HSM 7 adds support for the following cryptographic algorithms:
>SP800-108 HMAC
>SP800-38F (KWP)
>Curve 25519
>AES-XTS - disk encryption standard
Increased Key Storage Capacity
Luna PCIe HSM 7 provides up to 32 MB of cryptographic object storage (depending on the model).
Secure Transport Mode Redesigned
Secure Transport Mode (STM) in Luna PCIe HSM 7 provides a simple, secure method for shipping an HSM to a new location and verifying its integrity upon receipt. When the HSM SO enables STM, it locks the HSM and its contents, and records the current configuration as a pair of unique strings. When the HSM is recovered from STM, the unique strings are redisplayed. If the strings match, the HSM has not been tampered with or modified during transport.
Supported Operating Systems
You can install the Luna HSM Client 7.0.0 on the following operating systems:
Operating System | Version | 64-bit applications on 64-bit OS | 32-bit applications on 64-bit OS | 32-bit applications on 32-bit OS |
---|---|---|---|---|
Windows | 10 | Yes | Yes | No |
Windows Server | 2016 | Yes | Yes | No |
Windows Server | 2012 R2 | Yes | Yes | No |
Redhat-based Linux (including variants like CentOS) | 7 | Yes | Yes | Yes |
Redhat-based Linux (including variants like CentOS) | 6 | Yes | Yes | Yes |
Ubuntu * | 14.04 | Yes | No | Yes |
* The Linux installer for Luna HSM Client software is compiled as .rpm packages. To install on a Debian-based distribution, such as Ubuntu, alien is used to convert the packages. We used build-essential:
apt-get install build-essential alien
If you are using a Docker container or another such microservice to install the Luna Minimal Client on Ubuntu, and your initial client installation was on another supported Linux distribution as listed above, you do not require alien. Refer to the product documentation for instructions. You might need to account for your particular system and any pre-existing dependencies for your other applications.
Supported Cryptographic APIs
Applications can perform cryptographic operations using the following APIs:
>PKCS#11 2.20
>Java 7/8
>OpenSSL
>Microsoft CAPI
>Microsoft CNG
Advisory Notes
This section highlights important issues you should be aware of before deploying Luna HSM Client 7.0.0.
Deprecated and Discontinued Features
The following features are deprecated or discontinued in Luna 7. If you have been using any of these Luna 5/6 features, plan for a new configuration and workflow that does not make use of the feature:
>Small form factor (SFF) backup