Home >

LunaSH Command Reference Guide > LunaSH Commands > stc > stc cipher disable

stc cipher disable

Disable the use of a symmetric encryption cipher algorithm for data encryption on an STC link. All data transmitted over the STC link will be encrypted using the cipher that is both enabled and that offers the highest level of security. For example, if AES 192 and AES 256 are enabled, and AES 128 is disabled, AES 256 will be used. You can use the command stc cipher show to show which ciphers are currently enabled/disabled.

Disabling all of the ciphers turns off symmetric encryption on the link.

You must be logged in as the HSM SO to use this command.

Note:  Performance is reduced for larger ciphers.

Syntax

stc cipher disable -partition <partition_name> -all -id <cipher_id>

Parameter Shortcut Description
-partition <partition_name>

-p <partition_name>

 Specifies the name of the partition that will perform STC data encryption using the specified cipher.
-all -a Allow the specified cipher.
-id <cipher_id> -id <cipher_id> Specifies the numerical identifier of the cipher you want to use, as listed using the command stc cipher show.

Example

lunash:>stc cipher show -p mapleleafs
 
This table lists the ciphers supported for STC links to the partition. Enabled
ciphers are accepted during STC link negotiation with a client. If all ciphers
are disabled, STC links to the partition are not encrypted.
 
STC Encryption: On
 
Cipher ID    Cipher Name                              Enabled
_________________________________________________________________
1            AES 128 Bit with Cipher Block Chaining   Yes
2            AES 192 Bit with Cipher Block Chaining   Yes
3            AES 256 Bit with Cipher Block Chaining   Yes
 
Command Result : 0 (Success)
 
lunash:> stc cipher disable -par mapleleafs -id 3
 
AES 256 Bit with Cipher Block Chaining is now disabled.
 
Command Result : 0 (Success)
 
lunash:>stc cipher show -p mapleleafs
 
This table lists the ciphers supported for STC links to the partition. Enabled
ciphers are accepted during STC link negotiation with a client. If all ciphers
are disabled, STC links to the partition are not encrypted.
 
STC Encryption: On
 
Cipher ID    Cipher Name                              Enabled
_________________________________________________________________
1            AES 128 Bit with Cipher Block Chaining   Yes
2            AES 192 Bit with Cipher Block Chaining   Yes
3            AES 256 Bit with Cipher Block Chaining   No
 
Command Result : 0 (Success)

SafeNet Network HSM 6.3 Product Documentation
007-011136-015 Rev. A 14 July 2017 Copyright 2001-2017 Gemalto All rights reserved.