Luna Cloud HSM Service Rebranding

Changed

The following Luna Cloud HSM service names have been changed:

HSM on Demand is now Luna Cloud HSM
HSM on Demand for CyberArk is now Luna Cloud HSM for CyberArk
HSM on Demand for Digital Signing is now Luna Cloud HSM for Digital Signing
HSM on Demand for Hyperledger is now Luna Cloud HSM for Hyperledger
HSM on Demand for Java Code Signer is now Luna Cloud HSM for Java Code Signer
HSM on Demand for Microsoft ADCS is now Luna Cloud HSM for Microsoft ADCS
HSM on Demand for Microsoft Authenticode is now Luna Cloud HSM for Microsoft Authenticode
HSM on Demand for Microsoft SQL Server is now Luna Cloud HSM for Microsoft SQL Server
HSM on Demand for PKI Private Key Protection is now Luna Cloud HSM for PKI Private Key Protection
HSMoD for Oracle TDE is now Luna Cloud HSM for Oracle TDE
HSM on Demand with Key Export is now Luna Cloud HSM with Key Export

Deprecating client 10.0 and 10.1 authentication for Luna Cloud HSM

The authentication method used by the 10.0 and 10.1 version of the Luna Cloud HSM client is being deprecated. Clients using this authentication will no longer be supported by the Luna Cloud HSM service after December 31, 2021.

We recommend you upgrade your client to the latest version at your earliest convenience. See Upgrading your client for more information.

CipherTrust Key Broker for Google EKM can access tenant user management

CipherTrust Key Broker for Google Cloud EKM service users can now access their DPoD platform tenant. Users can log in to their tenant hostname URL to access DPoD platform features such as User Management, Tenant Management, and Reporting.

CipherTrust Key Broker for Google Cloud EKM service tenants do not have access to tenant features such as Subscriber Groups or Adding Services.

Deprecating Luna Cloud HSM client 10.0 and 10.1 authentication

Deprecated

The authentication method used by the 10.0 and 10.1 version of the Luna Cloud HSM client is being deprecated. We recommend you upgrade your Luna Cloud HSM service clients to the latest version at your earliest convenience. Clients using this authentication mechanism will no longer connect to the service after December 31, 2021. Instructions for upgrading the client can be found in our documentation here.

10.3 Luna Cloud HSM Service Client

Added

Version 10.3 of the HSM service client is now available for download from Thales Data Protection on Demand. This client supports hybrid usage of both Luna Cloud HSM services and the Luna HSM product line, as detailed in the HSM on Demand Client User Guide. See Upgrading your Luna Cloud HSM Service Client for more information about updating your Luna Cloud HSM service client.

Bugs Found

LUNA-14009 - Executing cmu verifyhsm does not prompt the user to enter a challenge string. Always specify a challenge string using cmu verifyhsm -challenge <string>.
LUNA-13907 - Requesting a certificate using cmu requestcertificate using the wrong attribute to specify the private key returns an incorrect error message. Use the -privateouid to specify a private key on a Luna Cloud HSM service.
LUNA-13780 - Executing cmu import to import a DSA key fails. Use an RSA public key instead.
LUNA-13761 - Executing cmu selfsigncertificate with no arguments specified, on Linux, cmu fails to prompt the user for the relevant object handles/OUIDs. Always specify the object handles/OUIDs using -publichandle and -privatehandle or -publicouid and -privateouid.
LUNA-12822 - ckmdeo option Get OUID (39) returns OUIDs with extra zeroes appended. Use option Get Attribute (24) to view the correct OUID.
LUNA-11269 - In HA configurations, where a Luna Cloud HSM service is configured as a standby, some events (such as when a connection drops and recovers due to a timeout when contacting the service) are not recorded in the HA log file.
SH-5595 - Deriving X9.42 DH2 keys returns CKR_OBJECT_HANDLE_INVALID. We recommend you avoid upgrading your Luna Cloud HSM service client until the issue is resolved.
SH-4194 - Executing cmu getpkc to confirm a public key can fail. Execute the ckdemo Display Object (27) function to confirm the key pairs origins and security in the HSM. If the CKA_NEVER_EXTRACTABLE attribute is present it confirms that the private key was created in the HSM and has never been extracted.

Bugs Fixed

SH-4987 - The displayed serial numbers of self-signed certificates created using cmu selfsigncertificate now match the input serial number.

Deprecating API Endpoints

Deprecated

The DPoD Platform API is deprecating the PATCH /tenants/{id}/admin/reset and POST /tenants/{id}/admin/resetMfaToken operations.

Tenant administrators can use the self-service password reset from the DPoD tenant log in screen or request that a sibling tenant administrator reset their password. Tenant administrators must request an MFA reset from a sibling tenant administrator.

These endpoints will be removed from the platform in a future update.

Update to Service Elections Process

Added

Subscriber tenant administrators can complete the Add Service Elections Form, a separate commitment from the Initial Service Elections Form, to demonstrate additional service commitments to their service provider.

Bugs Found

DPS-6769 - The Salesforce Key Broker service does not update the Last Modified At and Modified By columns in the Service Details tables when service secrets are updated.

Bugs Fixed

DPS-6737 DPoD Terms of Service now display correctly in the Safari browser. The DPoD Terms of Service are always available from the support portal.
DPS-6761 - If the DPoD user interface cannot display the Salesforce Secret Type, the DPoD user interface will display the Salesforce value.

Non-FIPS Luna Cloud HSM Firmware Version 1.4.2

Changed

Non-FIPS Luna Cloud HSM service firmware has been updated to version 1.4.2. Firmware version 1.4.2 provides various performance improvements and is an enabler for future marketplace services. See Luna Cloud HSM Services for more information about FIPS and non-FIPS services.

Deprecated

The DPoD platform will remove the ability for a service provider administrator to reset a tenant administrators account password. Tenant administrators can use the self-service password reset from the DPoD tenant login screen or request that a sibling tenant administrator reset their password.

Bugs Fixed

SH-4366 - Firmware version 1.4.2 for non-FIPS Luna Cloud HSM services disallows the creation of a key with both the "public" and "sensitive" attribute combination.

Release 1.17.2

Bugs Fixed

DPS-5823 - New service clients created in the North America (NA) environment can connect to a service on Windows Server 2012r2 operating systems.

Release 1.17.1

Added

Service Provider Administrator Platform Credentials. Platform credentials allow Service Provider Administrators to access and mange tenants, users, and reports using the DPoD API.

Changed

"HSM on Demand Services" are now "Luna Cloud HSM Services"
"Key Management on Demand Services" are now "CipherTrust Key Management Services"

Show Previous Entries