Is it possible to sync up LMKs in two Thales PayShield 9000 instances>

Question

Basically, when we execute a generate key command such as A0 then we receive a key-under-lmk for future use. What if we have multiple HSMs in a high availability configuration? How would we make sure that all keys-under-LMK mean the same thing to all HSM instances?

The documentation I have doesn't cover this and I didn't find anything online about that particular model.

score 2 · Accepted Answer · answered Jun 03 '20 at 03:39

2

Yes, Will need to load same LMK in both HSMs in same LMK ID (Default is 00). Normally Thales payShield HSMs doesn't stores keys, if it has same LMK, it will create temporary keys when required and verified.

answered Jun 03 '20 at 03:39

VinRocka

52
2

Super, thank you! :-) Do you have any info how the LMKs are shared between Thales instances? – bbozo Jun 05 '20 at 08:24
1

need to load same LMK for all the HSMs. – VinRocka Jun 06 '20 at 18:21

Is it possible to sync up LMKs in two Thales PayShield 9000 instances>

1 Answers1