Home >

LunaSH Command Reference Guide > LunaSH Commands > hsm > hsm stc hmac disable

hsm stc hmac disable

Disable the use of an HMAC message digest algorithm for message integrity verification on the secure trusted channel (STC) admin channel. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.

The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command hsm stc hmac show to show which HMAC message digest algorithms are currently enabled/disabled.

Note:  You cannot disable all HMAC message digest algorithms.

Syntax

hsm stc hmac disable -id <hmac_id>

Parameter Shortcut Description
-id <hmac_id> -i <hmac_id> Specifies the numerical identifier of the HMAC algorithm you want to disable, as listed using the command hsm stc hmac show.

Example

lunash:> hsm stc hmac show
 
HMAC ID     HMAC Name                Enabled
0           HMAC with SHA 256 Bit    Yes
1	    HMAC with SHA 512 Bit    Yes
 
Command Result : 0 (Success)
 
lunash:> hsm stc hmac disable -id 0
 
HMAC with SHA 256 Bit is now disabled for HSM.
 
Command Result : 0 (Success)
 
lunash:> hsm stc hmac show
 
HMAC ID     Name                     Enabled
0           HMAC with SHA 256 Bit    No
1	    HMAC with SHA 512 Bit    Yes
 
Command Result : 0 (Success)

SafeNet Network HSM 6.3 Product Documentation
007-011136-015 Rev. A 14 July 2017 Copyright 2001-2017 Gemalto All rights reserved.