Each Luna client and partition (including the HSM SO partition and, for the admin channel link, the Luna SA operating system) that serves as an STC endpoint has a unique identity, defined by a 2048-bit RSA public/private key pair. The STC identity key pair is stored in the STC token associated with that client or partition. Before STC can create a secure tunnel, trust must be established between the client and the partition through the exchange of public keys, so that each endpoint holds the public key of the peer it is willing to talk to.
Partition tokens and identities are created automatically.
Client tokens and identities are created manually, using LunaCM. A client can use either a software token (the default) or a SafeNet eToken 7300 Hardware Token (see "Using a Hard Token to Store the STC Client Identity").
Under normal operating conditions, you should not need to re-create the STC tokens or identities. If you do need to re-create them, for operational or security reasons, STC provides commands to do so, as follows:
Refer to the following commands in the LunaCM Command Reference Guide:
Command | Description |
---|---|
identitycreate | Create a client identity on the STC client token. See "stc identitycreate". |
identitydelete | Delete a client identity from the STC identity token. See "stc identitydelete". |
identityexport | Export the STC client identity (public key) to a file. See "stc identityexport". |
identityshow | Display the client name, public key hash, and registered partitions for the STC client token. See "stc identityshow". |
partitionderegister | Remove a partition identity from the STC client token. See "stc partitionderegister". |
partitionregister | Register a partition to the STC client token. See "stc partitionregister". |
tokeninit | Initialize a client token. See "stc tokeninit". |
tokenlist | List the available STC client identity tokens. See "stc tokenlist". |
Refer to the following commands in the LunaSH Command Reference Guide:
Command | Description |
---|---|
hsm stc identity create | Create a STC client identity for the STC admin channel. See "hsm stc identity create". |
hsm stc identity delete | Delete the STC admin channel client identity. See "hsm stc identity delete". |
hsm stc identity initialize | Initialize the STC admin channel client token. See "hsm stc identity initialize". |
hsm stc identity partition deregister | Remove the HSM SO partition identity public key that is currently registered with the STC admin channel client token. See "hsm stc identity partition deregister". |
hsm stc identity partition register | Register the HSM SO partition identity public key with the STC admin channel client token. See "hsm stc identity partition register". |
hsm stc identity show | Display the client name, public key hash, and registered partitions for the STC admin channel client token. See "hsm stc identity show". |
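The trust bootstrap behind the LunaCM and LunaSH commands above, as an added example that is not Luna code: each side generates an RSA-2048 identity, exports only the public half, and the receiving token registers a peer key only after its hash matches the value the operator read from identityshow on the other end. A substituted key presented under a trusted peer's name is refused. The script uses openssl and models a token as a directory; the SHA-256-over-DER fingerprint, the directory layout and the function names are assumptions for illustration, not the format or commands Luna actually uses.

```shell
#!/bin/sh
# Added example (not Luna/SafeNet code): a local model of the STC trust bootstrap
# using openssl. Assumptions, not taken from the Luna docs: a token is a directory,
# the "public key hash" is SHA-256 over the DER-encoded public key, and a peer
# public key is accepted only when its hash matches the value the operator read
# from identityshow on the other side.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# tokeninit + identitycreate: new token directory holding an RSA-2048 identity
stc_identity_create() {            # $1 token dir, $2 identity name
    mkdir -p "$1/peers"
    printf '%s\n' "$2" > "$1/name"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/identity.key" 2>/dev/null
    openssl pkey -in "$1/identity.key" -pubout -out "$1/identity.pub" 2>/dev/null
}

# identityexport: only the public half ever leaves the token
stc_identity_export() {            # $1 token dir, $2 destination file
    cp "$1/identity.pub" "$2"
}

# Fingerprint an exported public key. Compare this out of band; the file alone
# proves nothing, since anyone on the transfer path could swap in their own key.
stc_pubkey_hash() {                # $1 PEM public key file
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# partitionregister: store a peer key under a label only after the hash check passes
stc_partition_register() {         # $1 token dir, $2 peer label, $3 peer pub file, $4 expected hash
    actual="$(stc_pubkey_hash "$3")"
    if [ "$actual" != "$4" ]; then
        echo "refusing to register $2: hash $actual does not match expected $4" >&2
        return 1
    fi
    cp "$3" "$1/peers/$2.pub"
}

# partitionderegister: drop the stored peer key
stc_partition_deregister() {       # $1 token dir, $2 peer label
    rm -f "$1/peers/$2.pub"
}

# Labels of the peers currently registered on a token, one per line
stc_registered_peers() {           # $1 token dir
    for f in "$1"/peers/*.pub; do
        [ -e "$f" ] || continue
        b="${f##*/}"; printf '%s\n' "${b%.pub}"
    done
}

# identityshow: name, own public key hash, registered peers
stc_identity_show() {              # $1 token dir
    printf 'Name:            %s\n' "$(cat "$1/name")"
    printf 'Public key hash: %s\n' "$(stc_pubkey_hash "$1/identity.pub")"
    printf 'Registered:      %s\n' "$(stc_registered_peers "$1" | tr '\n' ' ')"
}

# --- Walk-through: one client token, one partition token, one impostor key ---
stc_identity_create "$WORK/client"    "client1"
stc_identity_create "$WORK/partition" "par1"
stc_identity_create "$WORK/rogue"     "rogue"      # impostor, never trusted

stc_identity_export "$WORK/partition" "$WORK/par1.pub"
stc_identity_export "$WORK/client"    "$WORK/client1.pub"

# What the operator reads from identityshow on each end before registering
PAR1_HASH="$(stc_pubkey_hash "$WORK/partition/identity.pub")"
CLIENT1_HASH="$(stc_pubkey_hash "$WORK/client/identity.pub")"

stc_partition_register "$WORK/client"    par1    "$WORK/par1.pub"    "$PAR1_HASH"
stc_partition_register "$WORK/partition" client1 "$WORK/client1.pub" "$CLIENT1_HASH"

# A substituted key presented as "par1" fails the hash check and is not stored
if stc_partition_register "$WORK/client" par1 "$WORK/rogue/identity.pub" "$PAR1_HASH"; then
    echo "BUG: impostor key accepted" >&2; exit 1
fi

stc_identity_show "$WORK/client"
```

The point of the hash check is that the exported identity file travels over an untrusted path; registering it blindly would let whoever controls that path become the "partition" the client trusts. With a real Luna deployment the value to compare is the public key hash printed by identityshow (LunaCM) or hsm stc identity show (LunaSH) on the far end.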