Open topic with navigation
You are here: E - Concepts > Crypto Officer and Crypto User > Cryptoki Roles Diagram
Cryptoki Roles Diagram
The Crypto Officer and Crypto User roles, described on the right-hand side of the
diagram (above) exist only for Luna HSM with Trusted Path Authentication. They don't
exist for a Luna HSM with Password Authentication.
In addition to providing the Crypto User password, a Client application must also pass
the user type CKU_RESTRICTED_USER (or the alias CKU_CRYPTO_USER).
To work with a Partition as Crypto Officer, OR for applications that use the
existing standard, your application must pass the user type CKU_USER (along
with the Crypto Officer / Partition Owner password). However, this type now has
an alias CKU_CRYPTO_OFFICER, which you might prefer to use for reasons of
clarity. (This concerns you only if you are an application developer.)
Open topic with navigation