stcconfig hmacdisable

Disable the use of an HMAC message digest algorithm for message integrity verification on an STC link. The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command stcconfig hmacshow to show which HMAC message digest algorithms are currently enabled/disabled and the command stc status to display the HMAC message digest algorithm that is currently being used.

Syntax

stcconfig hmacdisable -id <hmac_ID> [-slot <slot_ID>]

Argument(s) Shortcut Description
-id <hmac_ID> -i Specifies the numerical identifier of the HMAC message digest algorithm you want to use, as listed using stcconfig hmacshow
-slot <slot_ID> -s

Specifies the slot containing the partition on which you want to allow or disallow an HMAC algorithm.

This argument is available only if you are logged into the HSM's Admin partition.

Example

lunacm:> stcconfig hmacshow

This table lists the HMAC algorithms supported for STC links to the current slot.
Enabled algorithms are accepted during STC link negotiation with a client.
At least one HMAC algorithm must be enabled.

HMAC ID      HMAC Name                                Enabled
__________________________________________________________________
0            HMAC with SHA 256 Bit                    Yes
1            HMAC with SHA 512 Bit                    Yes

Command Result : 0 (Success)



lunacm:> stcconfig hmacdisable -id 0

HMAC with SHA 256 Bit for the current slot is now disabled.

Command Result : 0 (Success)