Display the policy vectors of the specified HSM partition. This command displays the specified HSM partition's policies and capabilities. The output is arranged into three sections:

1. Capabilities
2. Write-restricted policies
3. HSM Admin-modifiable policies

Each policy's current setting is displayed. For modifiable policies, the policy code is displayed for use when changing policies.

```
partition showpolicies -partition <partition_name> [-configonly]
```

Parameter | Shortcut | Description |
---|---|---|
-configonly | -c | List only the HSM Admin-modifiable HSM partition policies. |
-partition | -p | The name of the partition for which policies will be displayed. To obtain a list of partitions, use the partition list command. |

```
lunash:> partition showPolicies -partition mypartition

Partition Name: mypartition
Partition Num:  65038002

The following capabilities describe this HSM Partition and can
never be changed.

Description                               Value
===========                               =====
Enable private key cloning                Allowed
Enable private key wrapping               Disallowed
Enable private key unwrapping             Allowed
Enable private key masking                Disallowed
Enable secret key cloning                 Allowed
Enable secret key wrapping                Allowed
Enable secret key unwrapping              Allowed
Enable secret key masking                 Disallowed
Enable multipurpose keys                  Allowed
Enable changing key attributes            Allowed
Enable PED use without challenge          Allowed
Allow failed challenge responses          Allowed
Enable operation without RSA blinding     Allowed
Enable signing with non-local keys        Allowed
Enable raw RSA operations                 Allowed
Max failed user logins allowed            10
Enable high availability recovery         Allowed
Enable activation                         Allowed
Enable auto-activation                    Allowed
Minimum pin length (inverted: 255 - min)  248
Maximum pin length                        255
Enable Key Management Functions           Allowed
Enable RSA Signing without confirmation   Allowed
Enable Remote Authentication              Allowed
Enable private key unmasking              Allowed
Enable secret key unmasking               Allowed

The following policies are set due to current configuration
of this partition and may not be altered directly by the user.

Description                               Value
===========                               =====
Challenge for authentication not needed   False

The following policies describe the current configuration of this
partition and may be changed by the HSM Security Officer.

Description                               Value     Code
===========                               =====     ====
Allow private key cloning                 On        0
Allow private key unwrapping              On        2
Allow secret key cloning                  On        4
Allow secret key wrapping                 On        5
Allow secret key unwrapping               On        6
Allow multipurpose keys                   On        10
Allow changing key attributes             On        11
Ignore failed challenge responses         On        15
Operate without RSA blinding              On        16
Allow signing with non-local keys         On        17
Allow raw RSA operations                  On        18
Max failed user logins allowed            10        20
Allow high availability recovery          On        21
Allow activation                          Off       22
Allow auto-activation                     Off       23
Minimum pin length (inverted: 255 - min)  248       25
Maximum pin length                        255       26
Allow Key Management Functions            On        28
Perform RSA signing without confirmation  On        29
Allow Remote Authentication               On        30
Allow private key unmasking               On        31
Allow secret key unmasking                On        32

Command Result : 0 (Success)
```
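
An added example, not part of the original page or the vendor's tooling: a Python parser for the HSM Admin-modifiable section of this output that decodes the inverted minimum PIN length and reports settings that differ from a baseline. The sample text is constructed from lines of the output above; the function names and the `BASELINE` values are assumptions for illustration.

```python
import re

# Constructed sample: rows taken from the modifiable-policy section shown on this page.
SAMPLE = """\
Description                               Value     Code
===========                               =====     ====
Operate without RSA blinding              On        16
Allow raw RSA operations                  On        18
Max failed user logins allowed            10        20
Allow activation                          Off       22
Minimum pin length (inverted: 255 - min)  248       25
Command Result : 0 (Success)
"""

ROW = re.compile(r"^\s*(?P<desc>.+?)\s+(?P<value>On|Off|\d+)\s+(?P<code>\d+)\s*$")
HEADER = re.compile(r"^\s*Description\s+Value\s+Code\s*$")

def parse_modifiable(text):
    """Return {code: (description, value)} for rows after the 'Code' header."""
    policies, in_section = {}, False
    for line in text.splitlines():
        in_section = in_section or bool(HEADER.match(line))
        m = ROW.match(line) if in_section else None
        if m:
            value = m["value"]
            policies[int(m["code"])] = (m["desc"], int(value) if value.isdigit() else value)
    return policies

def min_pin_length(policies):
    """Policy 25 is reported inverted (255 - min), so undo the inversion."""
    return 255 - policies[25][1]

def audit(policies, baseline):
    """Return (code, description, actual, expected) for each baseline mismatch."""
    findings = []
    for code, want in sorted(baseline.items()):
        desc, actual = policies.get(code, ("<not in output>", None))
        if actual != want:
            findings.append((code, desc, actual, want))
    return findings

# Hypothetical baseline: an assumption for illustration, not vendor guidance.
BASELINE = {16: "Off", 18: "Off", 20: 10, 22: "Off"}

if __name__ == "__main__":
    found = parse_modifiable(SAMPLE)
    print("minimum PIN length:", min_pin_length(found))
    for code, desc, actual, want in audit(found, BASELINE):
        print(f"policy {code} ({desc}): {actual}, baseline expects {want}")
```

The parser keys on the policy code rather than the description, since the code is the identifier the page says is used when changing policies.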