hsm smkclone
Clone the Scalable Key Storage Masking Key (SMK) from the current slot to the target slot.
Always back up any SMK that you have created (with partition archive backup to an SKS Backup HSM) before performing an action that would overwrite that SMK, such as hsm smkClone or partition archive restore from an SKS partition on an SKS Backup HSM. Failure to do so risks permanently losing any objects that are encrypted with that original SMK.
CAUTION! This command overwrites the SMK in the target partition with the SMK from the source. If you have exported any objects using a particular SMK, that SMK must be backed up to a Backup HSM before you overwrite it with smkclone, or those exported objects become unusable and can never be recovered.
An SMK secret that is cloned from a source V1 HSM partition to a target V1 partition overwrites any pre-existing V1 SMK on the target partition. SMK secrets cloned from V0 partitions do not overwrite V1 SMK secrets, but are stored separately.
On a Luna PCIe HSM 7 or Luna USB HSM 7, the Admin partition defaults to V1, so it has an SMK.
NOTE The hsm commands appear only when LunaCM's active slot is set to the administrative partition.
Syntax
hsm smkClone -slot <slot number> [-force] -password <password>
Argument | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting for confirmation (useful when scripting commands). |
-password <password> | -p | Password of the target slot. |
-slot <number> | -sl | Target slot to which the source SMK is to be cloned (overwriting any SMK that might already be in the target slot). |
Example
```
lunacm (64-bit) v10.7.1-62. Copyright (c) 2024 Thales Group. All rights reserved.

    Available HSMs:

    Slot Id ->              3
    Label ->                MyPar
    Serial Number ->        1292468271971
    Model ->                Luna K7
    Firmware Version ->     7.8.4
    Bootloader Version ->   1.1.5
    Configuration ->        Luna User Partition With SO (PW) Signing With Cloning Mode
    Slot Description ->     User Token Slot
    FM HW Status ->         FM Ready

    Slot Id ->              103
    Label ->                card1
    Serial Number ->        555111
    Model ->                Luna K7
    Firmware Version ->     7.8.4
    Bootloader Version ->   1.1.5
    Configuration ->        Luna HSM Admin Partition (PW) Signing With Cloning Mode
    Slot Description ->     Admin Token Slot
    FM HW Status ->         FM Ready
    HSM Configuration ->    Luna HSM Admin Partition (PW)
    HSM Status ->           L3 Device
    HSM Certificates ->

    Slot Id ->              104
    Label ->                G7Par
    Serial Number ->        1434611353268
    Model ->                Luna G7
    Firmware Version ->     7.7.3
    Bootloader Version ->   1.6.0
    Configuration ->        Luna User Partition With SO (PW) Key Export With Cloning Mode
    Slot Description ->     User Token Slot

    Slot Id ->              105
    Label ->                G7HSM
    Serial Number ->        616161
    Model ->                Luna G7
    Firmware Version ->     7.7.3
    Bootloader Version ->   1.6.0
    Configuration ->        Luna HSM Admin Partition (PW) Key Export With Cloning Mode
    Slot Description ->     Admin Token Slot
    HSM Status ->           L3 Device, OK
    HSM Certificates ->

    Current Slot Id: 3

lunacm:>s s s 103

    Current Slot Id: 103 (Luna Admin Slot 7.8.4 (PW) Signing With Cloning Mode)

Command Result : No Error

lunacm:>role login -n so -p so-password

Command Result : No Error

lunacm:>hsm smkclone -slot 105 -password so-password

Logging in to target slot 105
Cloning the SMK.
The SMK was cloned successfully.

Command Result : No Error

lunacm:>
```
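The following pre-flight check is an added example, not Thales code or part of LunaCM. It parses a slot listing in the "Key -> Value" layout shown above and reports reasons to hold off on hsm smkClone, based on the NOTE and CAUTION on this page. The function names, the constructed sample listing and the operator-supplied `target_smk_backed_up` flag are assumptions; the listing itself cannot show whether a backup exists.

```python
import re

# Constructed sample in the "Key -> Value" layout of the LunaCM listing shown above.
SAMPLE_LISTING = """\
Slot Id -> 3
Label -> MyPar
Slot Description -> User Token Slot
Slot Id -> 103
Label -> card1
Slot Description -> Admin Token Slot
Slot Id -> 105
Label -> G7HSM
Slot Description -> Admin Token Slot
Current Slot Id: 103
"""

def parse_slots(listing):
    """Return ({slot_id: {field: value}}, current_slot_id) from a slot listing."""
    slots, current, active = {}, None, None
    for line in listing.splitlines():
        m = re.match(r"\s*Current Slot Id:\s*(\d+)", line)
        if m:
            current = int(m.group(1))  # the last occurrence in a session wins
            continue
        key, sep, value = line.partition("->")
        if not sep:
            continue  # prompts, banners and result lines carry no field
        key, value = key.strip(), value.strip()
        if key == "Slot Id":
            active = slots.setdefault(int(value), {})
        elif active is not None:
            active[key] = value
    return slots, current

def preflight(listing, target_slot, target_smk_backed_up):
    """Return reasons not to run hsm smkClone; an empty list means proceed."""
    slots, current = parse_slots(listing)
    problems = []
    if current is None or "Admin" not in slots.get(current, {}).get("Slot Description", ""):
        problems.append("active slot is not an admin partition; hsm commands are unavailable")
    if target_slot not in slots:
        problems.append(f"target slot {target_slot} is not in the listing")
    elif target_slot == current:
        problems.append("target slot is the current (source) slot")
    if not target_smk_backed_up:  # operator-supplied assumption, see CAUTION above
        problems.append("target SMK backup to a Backup HSM not confirmed; smkClone overwrites it")
    return problems
```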