partition setlegacydomain
Set the legacy (Luna 4.x) cloning domain on a Luna 7 partition for the purposes of key migration:
- The legacy cloning domain for password-authenticated HSM partitions is the text string that was used as a cloning domain on the legacy HSM whose contents are to be migrated to the Luna PCIe HSM 7 partition.
- The legacy cloning domain for multifactor quorum-authenticated HSM partitions is the cloning domain secret on the red PED key for the legacy multifactor quorum-authenticated HSM whose contents are to be migrated to the Luna PCIe HSM 7 partition.
Your target HSM partition has, and retains, whatever modern partition cloning domain was imprinted (on a red PED key) when the partition was created. This command takes the domain value from your legacy HSM's red PED key and associates that with the modern-format domain of the partition, to allow the partition to be the cloning (restore...) recipient of objects from the legacy (token) HSM.
You cannot migrate objects from a password-authenticated token/HSM to a multifactor quorum-authenticated HSM partition, and you cannot migrate objects from a multifactor quorum-authenticated token/HSM to a password-authenticated HSM partition. Again, this is a security provision.
See Migrating Keys to Your New HSM for information on the possible combinations of source (legacy) tokens/HSMs and target (modern) HSM partitions and the disposition of token objects from one to the other.
NOTE You can use this command repeatedly to associate different legacy domains to the current partition's cloning domain. This allows you to consolidate content from multiple legacy HSMs onto a single partition of a modern HSM.
This command is not applicable on DPoD Luna Cloud HSM services.
Syntax
partition setlegacydomain [-legacydomain <legacystring>] [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-force | -f | Force action without prompting for confirmation. |
-legacydomain <legacystring> | -ld | Legacy cloning domain string. This parameter must be specified for password-authenticated HSMs. It is optional for PED-authenticated HSMs. If not specified, the domain is obtained using the PED. |
Example
lunacm:> partition setlegacydomain

Existing Legacy Cloning Domain will be destroyed.
Are you sure you wish to continue?

Type 'proceed' to continue, or 'quit' to quit now ->proceed
The PED prompts for the legacy red domain PED key (notice mention of "raw data" in the PED message).
Command result: No Error