role createchallenge

Create a challenge secret for the Crypto Officer (CO) or Crypto User (CU) role on the current partition (slot). This command applies to PED-authenticated partitions only.

The challenge secret is a text string (password) that provides an additional level of authentication for PED-authenticated partitions. If you create a challenge secret for a role, the role authenticates to the partition as follows:

>If the role is not activated on the partition, the role must provide both the PED key and challenge secret to gain access to the partition.

>If the role is activated on the partition, the role is able to access the partition using the challenge secret only.

See Activation on Multifactor Quorum-Authenticated Partitions for more information.

You must be logged in as the Partition SO to create a challenge for the Crypto Officer. You must be logged in as the Crypto Officer to create a challenge for the Crypto User. The target role must already exist. See role init.

NOTE   This command is not applicable on DPoD Luna Cloud HSM services.

In LunaCM, passwords and activation challenge secrets must be 8-255 characters in length. The following characters are allowed:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_=+[]{}\|/;:',.<>?`~

Double quotation marks (") are problematic and should not be used within passwords.

Spaces are allowed; to specify a password with spaces using the -password or -newpw option of a command, enclose the password in double quotation marks.

Syntax

role createchallenge -name <role> [-challengesecret <string>]

Argument(s) Shortcut Description
-name <role> -n Name of role for which the challenge is to be created
-challengesecret -c The challenge secret (password) you wish to create for this role. If this option is not included, you will be prompted to enter a challenge secret, masked by asterisks (*).

Example

lunacm:> role createchallenge -name co

        Please attend to the PED.

        enter new challenge secret: ********

        re-enter new challenge secret: ********

Command Result : No Error