10.3 Luna Cloud HSM Service Client

Added

  • Version 10.3 of the HSM service client is now available for download from Thales Data Protection on Demand. This client supports hybrid usage of both Luna Cloud HSM services and the Luna HSM product line, as detailed in the HSM on Demand Client User Guide. See Upgrading your Luna Cloud HSM Service Client for more information about updating your Luna Cloud HSM service client.

Bugs Found

  • LUNA-14009 - Executing cmu verifyhsm does not prompt the user to enter a challenge string. Always specify a challenge string using cmu verifyhsm -challenge <string>.
  • LUNA-13907 - Requesting a certificate with cmu requestcertificate while using the wrong attribute to specify the private key returns an incorrect error message. Use the -privateouid option to specify a private key on a Luna Cloud HSM service.
  • LUNA-13780 - Executing cmu import to import a DSA key fails. Use an RSA public key instead.
  • LUNA-13761 - On Linux, executing cmu selfsigncertificate with no arguments specified fails to prompt the user for the relevant object handles/OUIDs. Always specify the object handles/OUIDs using -publichandle and -privatehandle or -publicouid and -privateouid.
  • LUNA-12822 - ckdemo option Get OUID (39) returns OUIDs with extra zeroes appended. Use option Get Attribute (24) to view the correct OUID.
  • LUNA-11269 - In HA configurations, where a Luna Cloud HSM service is configured as a standby, some events (such as when a connection drops and recovers due to a timeout when contacting the service) are not recorded in the HA log file.
  • SH-5595 - Deriving X9.42 DH2 keys returns CKR_OBJECT_HANDLE_INVALID. We recommend you avoid upgrading your Luna Cloud HSM service client until the issue is resolved. 
  • SH-4194 - Executing cmu getpkc to confirm a public key can fail. Execute the ckdemo Display Object (27) function to confirm the key pair's origins and security in the HSM. If the CKA_NEVER_EXTRACTABLE attribute is present, it confirms that the private key was created in the HSM and has never been extracted.

Bugs Fixed

  • SH-4987 - The displayed serial numbers of self-signed certificates created using cmu selfsigncertificate now match the input serial number.