hsm stc cipher enable

Home >	LunaSH Command Reference Guide > LunaSH Commands > hsm > hsm stc cipher enable

hsm stc cipher enable

Enable the use of a symmetric encryption cipher algorithm for data encryption on the secure trusted channel (STC) admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.

All data transmitted over the STC link will be encrypted using the cipher that is both enabled and that offers the highest level of security. For example, if AES 192 and AES 256 are enabled, and AES 128 is disabled, AES 256 will be used. You can use the command hsm stc cipher show to show which ciphers are currently enabled/disabled and the command "stc status" on page 1 to display the cipher that is currently being used.

Note: Performance is reduced for larger ciphers.

Syntax

hsm stc cipher enable -all -id <cipher_id>

Parameter	Shortcut	Description
-all	-a	Enable all ciphers.
-id <cipher_id>	-id <cipher_id>	Specifies the numerical identifier of the cipher you want to use, as listed using the command "stc configuration cipher show" on page 1.

Example

lunash:>hsm stc cipher show

This table lists the ciphers supported for STC links to the HSM SO partition. Enabled

ciphers are accepted during STC link negotiation with a client. If all ciphers

are disabled, STC links to the partition are not encrypted.

STC Encryption: On

Cipher ID    Cipher Name                              Enabled

_________________________________________________________________

1            AES 128 Bit with Cipher Block Chaining   Yes

2            AES 192 Bit with Cipher Block Chaining   Yes

3            AES 256 Bit with Cipher Block Chaining   No

Command Result : 0 (Success)

lunash:>hsm stc cipher enable -id 3

AES 256 Bit with Cipher Block Chaining is now enabled.

lunash:>hsm stc cipher show

This table lists the ciphers supported for STC links to the HSM SO partition. Enabled

ciphers are accepted during STC link negotiation with a client. If all ciphers

are disabled, STC links to the partition are not encrypted.

STC Encryption: On

Cipher ID    Cipher Name                              Enabled

_________________________________________________________________

1            AES 128 Bit with Cipher Block Chaining   Yes

2            AES 192 Bit with Cipher Block Chaining   Yes

3            AES 256 Bit with Cipher Block Chaining   Yes

Command Result : 0 (Success)