Creating a Partition

The HSM must be configured with at least one partition to operate. A brand-new HSM has no default partition; the SO must create it.

To create a partition, complete the following steps:

  1. Log in as the SO with the hsm login command, using the default password.

    The password for the SO must match the password that was selected during the initialization of the HSM. The system allows only three attempts to present the correct SO PIN.

    If you exceed the number of login attempts, the HSM is zeroized (meaning that the keys are destroyed). Once zeroized, these keys can no longer be used, and the HSM must be re-initialized.

  2. Create the HSM partition using the partition create command (in the following example, the partition name is partition_AI).

  3. Each partition is assigned specific policies (as shown on the subsequent pages). You do not need to change any of the default policies to create an HSM partition. Once the partition is created, your HSM is ready to use with both the ActivID KMS and ActivID CMS products.

    Copy the cryptoki.dll file into your KMS directory (the same directory from which ackms.exe is run). The cryptoki.dll file resides in the directory in which you installed the Thales / Thales TCT software. During the ActivID CMS installation procedure, you have to browse to this .dll file when requested by ActivID CMS.

  4. After initialization has completed, you can exit or close the lunacm utility by entering the following command at the lunacm:> command prompt:

    exit

Once done, the HSM is ready for use, first in ActivID KMS and then in ActivID CMS.