Backup

The entire HSM database, including users and partitions, keys, objects and configuration parameters, can be saved in a backup file external to the HSM. The backup operation is global, i.e. it covers the entire HSM database.

The generated backup file must be encrypted using a key derived from the password the administrator enters when the backup is generated. File encryption is global: it is applied to the backup file before it is exported from the HSM and is independent of the encryption attribute of each particular object. The export attribute of each object also has no influence on the generation of the backup, as this is not an object export operation.

Attention

The backup includes the relationship between the HSM and the Server Master Key of the smart card that activates it. To restore the backup and activate the HSM, it is therefore necessary to have the same smart card (or a copy of it) that was used in the HSM where the backup was generated.

The restore operation is also global, with the restoration of network parameters being optional. After the restore operation, a restart of the HSM is mandatory, because the database restored from the backup is in an undetermined state and must not be used before a restart.

The backup file generated is binary and should only be used to restore the HSM. The file is protected against tampering and the restore operation will fail if the file has been modified since it was generated by the HSM.

From a backup file, it is possible to bring up an HSM in the same state it was in when the backup was generated, reducing the likelihood of service interruption in the event of a hardware failure in an HSM.

A policy of routinely generating backups according to the frequency of database changes is important for maintaining the availability of the service and the HSM's keys and objects.

The backups made are not interchangeable in terms of operating mode, i.e. a backup made on an HSM operating in a certain mode cannot be restored on an HSM operating in a different mode.