stcconfig cipherdisable

Disable the use of a symmetric encryption cipher algorithm for data encryption on an STC link. All data transmitted over the STC link is encrypted using the enabled cipher that offers the highest level of security. For example, if AES 192 and AES 256 are enabled, and AES 128 is disabled, AES 256 will be used. Use the command stcconfig ciphershow to show which ciphers are currently enabled, and the command stc status to display the cipher that is currently being used.

This command is available only if the current slot is a PPSO partition.

Note:  Performance is reduced for larger ciphers.

Syntax

stcconfig cipherdisable [-slot <slot_id>] -id <cipher_id>

Parameter          Shortcut           Description
__________________________________________________________________
-slot <slot_id>    -s <slot_id>       Specifies the slot containing the partition for which you want to allow or disallow a cipher algorithm. This parameter is available only if you are logged into the HSM's Admin partition.
-id <cipher_id>    -id <cipher_id>    Specifies the numerical identifier of the cipher you want to allow or disallow, as listed by stcconfig ciphershow.

Example

Current slot
lunacm:> stcc cish
 
This table lists the ciphers supported for STC links to the current slot.
Enabled ciphers are accepted during STC link negotiation with a client.
If all ciphers are disabled, STC links to the partition are not encrypted.
 
STC Encryption: On
 
Cipher ID    Cipher Name                              Enabled
__________________________________________________________________
1            AES 128 Bit with Cipher Block Chaining   Yes
2            AES 192 Bit with Cipher Block Chaining   Yes
3            AES 256 Bit with Cipher Block Chaining   Yes
 
lunacm:> stcc cid -id 1
 
AES 128 Bit with Cipher Block Chaining is now disabled for the current slot.
 
Specified slot
lunacm:> stcc cish -s 3
 
This table lists the ciphers supported for STC links to the current slot.
Enabled ciphers are accepted during STC link negotiation with a client.
If all ciphers are disabled, STC links to the partition are not encrypted.
 
STC Encryption: On
 
Cipher ID    Cipher Name                              Enabled
__________________________________________________________________
1            AES 128 Bit with Cipher Block Chaining   Yes
2            AES 192 Bit with Cipher Block Chaining   Yes
3            AES 256 Bit with Cipher Block Chaining   Yes
 
lunacm:> stcc cid -s 3 -d -id 2
 
AES 192 Bit with Cipher Block Chaining is now disabled for slot 3.
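
The following Python check is an added example, not part of the vendor documentation. It parses stcconfig ciphershow output in the format shown above and reports the strongest enabled cipher, the cipher IDs to pass to cipherdisable to enforce a minimum key size, and whether the partition is left with no enabled cipher (an unencrypted link). The sample text, the "No" value for a disabled cipher, the min_bits parameter and the ranking by AES key size are assumptions.

```python
import re

# Constructed sample: ciphershow output in the format shown on this page,
# after cipher 1 has been disabled ("No" is an assumed rendering).
SAMPLE = """\
STC Encryption: On

Cipher ID    Cipher Name                              Enabled
__________________________________________________________________
1            AES 128 Bit with Cipher Block Chaining   No
2            AES 192 Bit with Cipher Block Chaining   Yes
3            AES 256 Bit with Cipher Block Chaining   Yes
"""

# One table row: numeric ID, cipher name (key size captured), Yes/No.
ROW = re.compile(r"^\s*(\d+)\s+(AES (\d+) Bit .+?)\s+(Yes|No)\s*$")

def parse_ciphers(text):
    """Return one dict per cipher row: id, name, bits, enabled."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"id": int(m.group(1)), "name": m.group(2),
                         "bits": int(m.group(3)), "enabled": m.group(4) == "Yes"})
    return rows

def audit(text, min_bits=256):
    """Compare the enabled ciphers against a minimum key size (hypothetical policy)."""
    rows = parse_ciphers(text)
    if not rows:
        raise ValueError("no cipher rows found; output format not recognised")
    enabled = [r for r in rows if r["enabled"]]
    # Page: the enabled cipher offering the highest security is used.
    strongest = max(enabled, key=lambda r: r["bits"]) if enabled else None
    return {
        "strongest_enabled": strongest["name"] if strongest else None,
        # Page: if all ciphers are disabled, the link is not encrypted.
        "unencrypted": not enabled,
        # IDs to pass to "stcconfig cipherdisable -id <cipher_id>".
        "to_disable": [r["id"] for r in enabled if r["bits"] < min_bits],
        # Disabling everything below the floor must leave a cipher enabled.
        "safe_to_apply": any(r["bits"] >= min_bits for r in enabled),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Check safe_to_apply before disabling the listed IDs, since disabling every cipher leaves STC links to the partition unencrypted.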