CHAPTER 5 Creating a Partition on the HSM
Authenticate as HSM Admin by supplying the appropriate HSM Admin password when you are prompted — this is
generally preferable to typing the password on the command line, because your response to the password prompt is
hidden from view by “*” characters.
WARNING! If you fail three consecutive login attempts as HSM Admin, the HSM is
zeroized and cannot be used until it is re-initialized. Re-initializing zeroizes the
HSM contents, and zeroizing destroys all key material. Note that the Luna HSM
must actually receive some input before it logs a failed attempt, so pressing [Enter]
without typing a password is not counted as a failed attempt. A successful login
resets the counter to zero.
If you are not sure that you are currently logged in as HSM Admin, perform an ‘hsm logout’.
Next, see "Create the Partition [PW]" on page 73.
Create the Partition [PW]
Having logged in, you can now use the ‘partition’ command.
When you issue the partition create command, to create an HSM Partition, you must supply a label or name for the new
Partition.
Note:
Choose a partition name that is meaningful, in the context of your operations.
Partition names must be unique in the HSM. You are not permitted to create two partitions with
the same label on one HSM. This will be the label seen by PKCS #11 applications.
A partition name can be from 1 to 64 characters in length, and can include any of the following characters (no spaces):
!#$%'()*+,-./0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~
When labeling HSMs or partitions, never use a numeral as the first, or only, character in the name/label. Token backup
commands accept either a slot number or a label as the identifier, which leads to ambiguity if the label is the string form of a
slot number.
For example, if the token is initialized with the label "1" then the user cannot use the label to identify the target for
purposes of backup, because VTL parses "1" as signifying the numeric ID of the first slot rather than as a text label for
the target in whatever slot it really occupies (the target is unlikely to be in the first slot), so backup fails.
CAUTION:
Tips for using strong passwords:
– use at least eight characters (Partition policy controls minimum length)
– mix the case of alphabetic characters
– include at least one numeral
– include at least one punctuation character or special character such as @#$%&, etc.
– avoid words that can be found in the dictionary (any language)
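The label rules above (length, permitted character set, no spaces, no leading numeral, uniqueness on the HSM) and the strong-password tips can be checked before the ‘partition create’ command is ever issued, which avoids burning a login attempt on a label the HSM will reject. The following pre-flight checker is an added example, not SafeNet code or part of lunash; the `DICTIONARY_WORDS` set is a small constructed stand-in for a real word list, and `min_length` is a parameter because, as the guide notes, partition policy controls the actual minimum.

```python
import string

# Characters the guide permits in a partition label (1 to 64 characters, no spaces).
ALLOWED_LABEL_CHARS = frozenset(
    "!#$%'()*+,-./0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_"
    "abcdefghijklmnopqrstuvwxyz{}~"
)

# Constructed stand-in for a dictionary; a real deployment would load a full word list.
DICTIONARY_WORDS = frozenset({"password", "secret", "admin", "welcome", "luna", "partition"})


def check_partition_label(label, existing_labels=()):
    """Return the list of rule violations for a proposed partition label.

    An empty list means the label satisfies every rule the guide states:
    length 1-64, only permitted characters, no spaces, no leading numeral,
    and not already used by another partition on this HSM.
    """
    problems = []
    if not 1 <= len(label) <= 64:
        problems.append("length must be between 1 and 64 characters")
    if " " in label:
        problems.append("spaces are not permitted")
    disallowed = sorted({c for c in label if c not in ALLOWED_LABEL_CHARS and c != " "})
    if disallowed:
        problems.append("disallowed characters: " + ", ".join(repr(c) for c in disallowed))
    if label and label[0] in string.digits:
        # Backup commands accept a slot number or a label, so "1" is read as slot 1.
        problems.append("must not begin with a numeral (would be parsed as a slot number)")
    if label in existing_labels:
        problems.append("label is already used by another partition on this HSM")
    return problems


def check_password_strength(password, min_length=8):
    """Return the list of strong-password tips the password fails to meet.

    min_length defaults to the guide's baseline of eight characters; pass the
    value configured by partition policy when it differs.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"use at least {min_length} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("mix upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("include at least one numeral")
    if not any(c in string.punctuation for c in password):
        problems.append("include at least one punctuation or special character")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    return problems


def preflight(label, password, existing_labels=()):
    """True when both label and password pass, i.e. 'partition create' is worth attempting."""
    return not check_partition_label(label, existing_labels) and not check_password_strength(password)


if __name__ == "__main__":
    # Constructed candidates: a bare slot-number-like label, a label with a space, and a good one.
    for candidate in ("1", "prod signing", "ProdSigning-01"):
        print(candidate, "->", check_partition_label(candidate, existing_labels={"Backup-01"}) or "OK")
    for pw in ("password", "Tr0ub4dor&3"):
        print(pw, "->", check_password_strength(pw) or "OK")
```

Run the checker on the label and password you intend to use; only when `preflight` returns True proceed to the HSM Admin login and the ‘partition create’ command.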
Luna SA Configuration Guide
Release 5.4.1 007-011136-007 Rev C July 2014 Copyright 2014 SafeNet, Inc. All rights reserved.
73