Home >

LunaCM Command Reference Guide > LunaCM Commands > stcconfig > stcconfig hmacenable

stcconfig hmacenable

Enable the use of an HMAC message digest algorithm for message integrity verification on an STC link.The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command stcconfig hmacshow to show which HMAC message digest algorithms are currently enabled/disabled and the command stc status to display the HMAC message digest algorithm that is currently being used.

This command is available only if the current slot is a PPSO partition.

Syntax

stcconfig hmacenable [-slot <slot_id>] -id <hmac_id>

Parameter Shortcut Description
-slot <slot_id> -s <slot_id>

Specifies the slot containing the partition on which you want to allow or disallow an HMAC algorithm.

This parameter is available only if you are logged into the HSM's Admin partition.

-id <hmac_id> -id <hmac_id> Specifies the numerical identifier of the HMAC message digest algorithm you want to use, as listed using stcconfig hmacshow

Example

Current slot
lunacm:> stcconfig hmacshow -slot 1
 
This table lists the HMAC algorithms supported for STC links to the current slot.
Enabled algorithms are accepted during STC link negotiation with a client.
At least one HMAC algorithm must be enabled.
 
HMAC ID      HMAC Name                                Enabled
__________________________________________________________________
0            HMAC with SHA 256 Bit                    No
1            HMAC with SHA 512 Bit                    Yes
 
Command Result : 0 (Success)
 
lunacm:> stcconfig hmacenable -id 0
 
HMAC with SHA 256 Bit for the current slot is now enabled.
 
lunacm:> stcc hmacshow
 
This table lists the HMAC algorithms supported for STC links to the current slot.
Enabled algorithms are accepted during STC link negotiation with a client.
At least one HMAC algorithm must be enabled.
 
HMAC ID      HMAC Name                                Enabled
__________________________________________________________________
0            HMAC with SHA 256 Bit                    Yes
1            HMAC with SHA 512 Bit                    Yes
Specified slot
lunacm:> stcc hsh
 
This table lists the HMAC algorithms supported for STC links to the current slot.
Enabled algorithms are accepted during STC link negotiation with a client.
At least one HMAC algorithm must be enabled.
 
HMAC ID      HMAC Name                                Enabled
__________________________________________________________________
0            HMAC with SHA 256 Bit                    No
1            HMAC with SHA 512 Bit                    Yes
 
lunacm:> stcconfig hmacdisable -slot 2 -id 0
 
HMAC with SHA 256 Bit is now enabled for slot 2.