Home > |
---|
Set the rekey threshold for the symmetric key used to encrypt data on an STC link. The symmetric key is used to encode the number of messages specified by the threshold value, after which it is regenerated and the counter is reset to 0.
The default of 400 million messages would force a rekeying operation once every 24 hours on an HSM under heavy load (processing approximately 5000 messages/second), or once a week for an HSM under light load (processing approximately 700 messages/second).
This command is available only if the current slot is a PPSO partition.
stcconfig rekeythresholdset [-slot <slot_id>] -value <threshold>
Parameter | Shortcut | Description |
---|---|---|
-slot <slot_id> | -s <slot_id> |
Specifies the slot containing the partition for which you want to set the rekey threshold. This parameter is available only if you are logged into the HSM's Admin partition. |
-value <threshold> | -v <threshold> |
An integer that specifies the key life (in millions of encoded messages) for the STC symmetric key. Enter a value of 0 to disable rekeying. Range: 0 to 4000 million messages. Default: 400 million messages. |
lunacm:> stcc rkse -v 200
Successfully changed the rekey threshold for slot 3 to 200 million messages.
lunacm:> stcc rkse -s 2 -v 200
Successfully changed the rekey threshold for the current slot to 200 million messages.