|
Home > |
|---|
Access the HSM STC-level commands. Use these commands to configure and manage the secure trusted channel (STC) admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.
hsm stc
activationtimeout set
activationtimeout show
cipher disable
cipher enable
cipher show
client deregister
client list
client register
disable
enable
hmac disable
hmac enable
hmac show
identity create
identity delete
identity initialize
identity partition deregister
identity partition register
identity show
partition export
partition show
rekeythreshold set
rekeythreshold show
replaywindow set
replaywindow show
status
| Parameter | Shortcut | Description |
|---|---|---|
| activationtimeout set | a se | Set the activation timeout for an STC link. See "hsm stc activationtimeout set". |
|
activationtimeout show |
a sh | Display the STC link activation timeout for the specified partition. See "hsm stc activationtimeout show" |
| cipher disable | ci d | Disable the use of a symmetric encryption cipher algorithm for data encryption on the link. See "hsm stc cipher disable". |
| cipher enable | ci e | Enable the use of a symmetric encryption cipher algorithm for data encryption on the link. See "hsm stc cipher enable" |
| cipher show | ci s | List the symmetric encryption cipher algorithms you can use for STC data encryption on the specified partition. See "hsm stc cipher show". |
| client deregister | cl d | Deregister a client's STC public key from the specified partition. See "hsm stc client deregister". |
|
client list |
cl l | List the clients registered to the specified partition. See "hsm stc client list". |
|
client register |
cl r | Register a client's STC public key to the specified partition. See "hsm stc client register". |
| disable | d | Disable the secure trusted channel (STC) link that is local to the appliance, that is, from the LunaSH shell to the HSM SO partition. See "hsm stc disable". |
| enable | e | Establish a local secure trusted channel (STC) link from the LunaSH shell to the HSM SO partition, and set all the local HSM-related applications in the appliance to communicate to the HSM via this STC link. See "hsm stc enable". |
| hmac disable | h d |
Disable the use of an HMAC message digest algorithm for message integrity verification on the secure trusted channel (STC) link that is local to the appliance, that is, from the LunaSH shell to the HSM. See "hsm stc hmac disable". |
| hmac enable | h e | Enable the use of an HMAC message digest algorithm used for message integrity verification on the specified partition. See "hsm stc hmac enable" |
| hmac show | h s |
List the HMAC message digest algorithms you can use for STC message integrity verification on the specified partition. See "hsm stc hmac show". |
| identity create | i c | Create a STC client identity for the LunaSH client. See "hsm stc identity create". |
| identity delete | i d | Delete the LunaSH STC client identity. See "hsm stc identity delete". |
| identity initialize | i i | Initialize the LunaSH STC client token. See |
| identity partition deregister | i p d | Remove the HSM SO partition identity public key that is currently registered with the LunaSH STC client token. See "hsm stc identity partition deregister" |
| identity partition register | i p r | Register the HSM SO partition identity public key with the LunaSH STC client token. See "hsm stc identity partition register". |
| identity show | i s | Display the client name, public key hash, and registered partitions for the LunaSH STC client token. See "hsm stc identity show". |
| partition export | p i e | Export the specified partition's public key to a file. See "hsm stc partition export". |
| partition show | p i s | Display the public key and serial number for the current partition. See "hsm stc partition show". |
| rekeythreshold set | rek se | Set the key life for the symmetric key used to encrypt data on the STC link for the specified partition. See "hsm stc rekeythreshold set". |
| rekeythreshold show | rek sh | Display the key life for the symmetric key used to encrypt data on the STC link for the specified partition. See "hsm stc rekeythreshold show". |
| replaywindow set | rep se | Set the size of the packet replay window. See "hsm stc replaywindow set". |
| replaywindow show | rep sh | Display the current setting for the size of the packet replay window. See "hsm stc replaywindow show". |
| status | st | Display status and configuration information for an STC link. See "stc status" on page 1. |