Thales Luna Cloud HSM (CSP) provider.
The Thales Luna Cloud HSM provides network-attached hardware security modules with high-availability (HA) group support and partition-based multi-tenancy.
§Platform-specific Library Paths
- Linux: /usr/safenet/lunaclient/lib/libCryptoki2_64.so
- Windows: C:\Program Files\SafeNet\LunaClient\cryptoki.dll
§HA Group Configuration
Luna CSP supports High Availability groups where multiple HSM partitions appear as a single virtual HSM:
- Automatic failover between members
- Load balancing across partitions
- Synchronous or asynchronous replication
HA groups are configured via the vtl command-line tool.
§Partition Management
Each Luna HSM can be partitioned into multiple logical HSMs:
- Independent key storage and access control per partition
- Partition-level PIN authentication
- Separate PKCS#11 slots per partition
§Key Wrapping Support
Luna CSP fully supports:
- CKM_AES_KEY_WRAP (RFC 3394)
- CKM_AES_KEY_WRAP_PAD (RFC 5649) for non-aligned keys
- CKM_RSA_PKCS_OAEP for RSA-based wrapping
All mechanisms are hardware-accelerated.
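An added example, not part of this crate: a Rust sketch of how a caller could choose between the two AES wrap mechanisms listed above from the key length, and of the RFC 5649 alternative initial value (AIV) and padding checks that make wrapping non-aligned keys safe. `WrapMech`, `plan_wrap`, `kwp_aiv` and `check_kwp` are hypothetical names, and preferring RFC 3394 for aligned keys is an assumption of the example.

```rust
// Added example; all names here are hypothetical, not the crate's API.
#[derive(Debug, PartialEq)]
pub enum WrapMech { AesKeyWrap, AesKeyWrapPad } // CKM_AES_KEY_WRAP / CKM_AES_KEY_WRAP_PAD

const KWP_PREFIX: [u8; 4] = [0xA6, 0x59, 0x59, 0xA6]; // RFC 5649 AIV constant

/// Choose a mechanism for a key of `len` bytes and return the wrapped blob size.
/// RFC 3394 needs at least two 64-bit blocks; anything else goes to RFC 5649.
pub fn plan_wrap(len: usize) -> Option<(WrapMech, usize)> {
    if len == 0 || len > u32::MAX as usize {
        return None; // RFC 5649 carries the length in a 32-bit field
    }
    if len % 8 == 0 && len >= 16 {
        Some((WrapMech::AesKeyWrap, len + 8))
    } else {
        let padded = (len + 7) / 8 * 8;
        Some((WrapMech::AesKeyWrapPad, padded + 8))
    }
}

/// Build the RFC 5649 AIV: fixed prefix followed by the big-endian key length.
pub fn kwp_aiv(len: u32) -> [u8; 8] {
    let mut aiv = [0u8; 8];
    aiv[..4].copy_from_slice(&KWP_PREFIX);
    aiv[4..].copy_from_slice(&len.to_be_bytes());
    aiv
}

/// RFC 5649 unwrap checks on the recovered AIV and padded plaintext.
/// Returns the true key length so the caller can strip the zero padding.
pub fn check_kwp(aiv: &[u8; 8], padded: &[u8]) -> Result<usize, &'static str> {
    if aiv[..4] != KWP_PREFIX {
        return Err("AIV prefix mismatch");
    }
    if padded.is_empty() || padded.len() % 8 != 0 {
        return Err("plaintext is not block aligned");
    }
    let mli = u32::from_be_bytes([aiv[4], aiv[5], aiv[6], aiv[7]]) as usize;
    // Length must fall in the final 64-bit block: 8(n-1) < MLI <= 8n.
    if mli <= padded.len() - 8 || mli > padded.len() {
        return Err("length indicator out of range");
    }
    if padded[mli..].iter().any(|&b| b != 0) {
        return Err("non-zero padding");
    }
    Ok(mli)
}

fn main() {
    // Constructed sample sizes: an AES-256 key and a 1217-byte encoded private key.
    println!("{:?} {:?}", plan_wrap(32), plan_wrap(1217));
}
```

A wrapped blob whose size does not match what `plan_wrap` predicts for the expected key type is a cheap signal that the wrong mechanism or the wrong key was used.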
Functions§
- default_library_path - Default PKCS#11 library path for Luna CSP.
- provider_config - Get the default provider configuration for Thales Luna CSP.
- supported_mechanisms - Mechanisms supported by Luna CSP.