Each SafeNet HSM client and partition (including the HSM SO partition and the SafeNet Network HSM operating system, for the admin channel link) that serves as an STC endpoint has a unique identity, defined by a 2048-bit RSA asymmetric public/private key pair. The STC identity key pair is stored in the STC token associated with the client or partition. Before STC can create secure tunnels, trust must be established between the client and the partition through the exchange of public keys.
Partition tokens and identities are created automatically.
Client tokens and identities are created manually, using LunaCM. Clients can use either a software token (the default) or a SafeNet eToken 7300 Hardware Token (see Using a Hard Token to Store the STC Client Identity).
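The trust model described above, as an added illustration that is not part of this guide or the Luna client code: each endpoint holds a 2048-bit RSA identity in a token, exports only its public key, registers the peer's public key, and a tunnel is allowed only once both sides have registered each other. The Token type, the SHA-256-of-modulus fingerprint standing in for the hash that identityshow displays, and the nonce-signing handshake are all assumptions of this model, chosen to mirror the LunaCM commands listed below.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
)

// Token models an STC identity token: one 2048-bit RSA identity plus the peer
// public keys registered with it (constructed model, not Luna client code).
type Token struct {
	key   *rsa.PrivateKey
	peers map[string]*rsa.PublicKey // keyed by public key hash
}

// Fingerprint: SHA-256 of the RSA modulus, an assumed stand-in for the
// "public key hash" that identityshow displays.
func Fingerprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(pub.N.Bytes())
	return hex.EncodeToString(sum[:])
}

// NewToken stands for tokeninit followed by identitycreate.
func NewToken() *Token {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Token{key: k, peers: map[string]*rsa.PublicKey{}}
}

// Export stands for identityexport: only the public half ever leaves the token.
func (t *Token) Export() *rsa.PublicKey { return &t.key.PublicKey }

// Register stands for partitionregister (or the HSM-side registration of the peer key).
func (t *Token) Register(peer *rsa.PublicKey) { t.peers[Fingerprint(peer)] = peer }

// Sign proves possession of the identity's private key over a handshake nonce.
func (t *Token) Sign(msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Trusts verifies sig only under a registered key; an unregistered peer is
// rejected even when its signature is valid.
func (t *Token) Trusts(fp string, msg, sig []byte) bool {
	pub, ok := t.peers[fp]
	h := sha256.Sum256(msg)
	return ok && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// MutualTrust succeeds only once both endpoints have registered each other.
func MutualTrust(a, b *Token) bool {
	nonce := []byte("constructed handshake nonce")
	return a.Trusts(Fingerprint(b.Export()), nonce, b.Sign(nonce)) &&
		b.Trusts(Fingerprint(a.Export()), nonce, a.Sign(nonce))
}
```

Deleting and re-creating a client identity (identitydelete, identitycreate) yields a new key pair and fingerprint, which is why re-registration on the partition side is required afterwards.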
Under normal operating conditions, you should not need to re-create the STC tokens or identities. If, however, you want or need to re-create the STC tokens or identities for operational or security reasons, STC provides commands to do so, as follows:
Refer to the following commands in the LunaCM Command Reference Guide:
Command | Description |
---|---|
identitycreate | Create a client identity on the STC client token. See stc identitycreate. |
identitydelete | Delete a client identity from the STC identity token. See stc identitydelete. |
identityexport | Export the STC client identity to a file. See stc identityexport. |
identityshow | Display the client name, public key hash, and registered partitions for the STC client token. See stc identityshow. |
partitionderegister | Remove a partition identity from the STC client token. See stc partitionderegister. |
partitionregister | Register a partition to the STC client token. See stc partitionregister. |
tokeninit | Initialize a client token. See stc tokeninit. |
tokenlist | List the available STC client identity tokens. See stc tokenlist. |
Refer to the following commands in the LunaSH Command Reference Guide:
Command | Description |
---|---|
hsm stc identity create | Create an STC client identity for the STC admin channel. See hsm stc identity create. |
hsm stc identity delete | Delete the STC admin channel client identity. See hsm stc identity delete. |
hsm stc identity initialize | Initialize the STC admin channel client token. See hsm stc identity initialize. |
hsm stc identity partition deregister | Remove the HSM SO partition identity public key that is currently registered with the STC admin channel client token. See hsm stc identity partition deregister. |
hsm stc identity partition register | Register the HSM SO partition identity public key with the STC admin channel client token. See hsm stc identity partition register. |
hsm stc identity show | Display the client name, public key hash, and registered partitions for the STC admin channel client token. See hsm stc identity show. |