stcconfig hmacdisable

Open topic with navigation

Home >	LunaCM Command Reference Guide > LunaCM Commands > stcconfig > stcconfig hmacdisable

stcconfig hmacdisable

Disable the use of an HMAC message digest algorithm for message integrity verification on an STC link. The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command "stcconfig hmacshow" to show which HMAC message digest algorithms are currently enabled/disabled and the command "stc status" to display the HMAC message digest algorithm that is currently being used.

This command is available only if the current slot is a PPSO partition.

Syntax

stcconfig hmacdisable -id <hmac_id> [-slot <slot_id>]

Parameter	Shortcut	Description
-id <hmac_id>	-id <hmac_id>	Specifies the numerical identifier of the HMAC message digest algorithm you want to use, as listed using "stcconfig hmacshow"
-slot <slot_id>	-s <slot_id>	Specifies the slot containing the partition on which you want to allow or disallow an HMAC algorithm. This parameter is available only if you are logged into the HSM's Admin partition.

Parameter

Shortcut

Description

-id <hmac_id>

Specifies the numerical identifier of the HMAC message digest algorithm you want to use, as listed using "stcconfig hmacshow"

-slot <slot_id>

-s <slot_id>

Specifies the slot containing the partition on which you want to allow or disallow an HMAC algorithm.

This parameter is available only if you are logged into the HSM's Admin partition.

Example

Current slot

lunacm:> stcconfig hmacshow -slot 1

This table lists the HMAC algorithms supported for STC links to the current slot.

Enabled algorithms are accepted during STC link negotiation with a client.

At least one HMAC algorithm must be enabled.

HMAC ID      HMAC Name                                Enabled

__________________________________________________________________

0            HMAC with SHA 256 Bit                    Yes

1            HMAC with SHA 512 Bit                    Yes

Command Result : 0 (Success)

lunacm:> stcconfig hmacdisable -id 0

HMAC with SHA 256 Bit for the current slot is now disabled.

lunacm:> stcc hmacshow

This table lists the HMAC algorithms supported for STC links to the current slot.

Enabled algorithms are accepted during STC link negotiation with a client.

At least one HMAC algorithm must be enabled.

HMAC ID      HMAC Name                                Enabled

__________________________________________________________________

0            HMAC with SHA 256 Bit                    No

1            HMAC with SHA 512 Bit                    Yes

Specified slot

lunacm:> stcc hsh

This table lists the HMAC algorithms supported for STC links to the current slot.

Enabled algorithms are accepted during STC link negotiation with a client.

At least one HMAC algorithm must be enabled.

HMAC ID      HMAC Name                                Enabled

__________________________________________________________________

0            HMAC with SHA 256 Bit                    Yes

1            HMAC with SHA 512 Bit                    Yes

lunacm:> stcconfig hmacdisable -slot 2 -id 0

HMAC with SHA 256 Bit is now disabled for slot 2.

Open topic with navigation