Hi,

I have a few questions about the key cards.

From looking at the document linked in response to mike I believe that the CO and SO cards act the same as they did on the Keyper. It also appears that the AAK and APP cards are combined to form the domain cards. Is this correct?

I can not seem to find an alternative to the OP cards, is there a reason for this.

Additionally I can not seem to find a replacement for SMK cards.

I attempted to investigate myself and found that when the SMK cards were used to set up a new HSM only 3 cards were used and they were already in the KMF. I thought that SMK cards are held by RKSHs and that 5 are required, not 3. 

Also a backup HSM is mentioned in the document. Is this in place of an APP card?

What credentials will be required to transfer a KSK to a new HSM?

What credentials will be required to apply existing cards to a new HSM?

What credentials will be required to decrypt the KSK backup?

Kind Regards

Will