stcconfig hmacenable
Enable the use of an HMAC message digest algorithm for message integrity verification on an STC link.The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command stcconfig hmacshow to show which HMAC message digest algorithms are currently enabled/disabled and the command stc status to display the HMAC message digest algorithm that is currently being used.
Syntax
stcconfig hmacenable -slot <slot_ID> -id <hmac_ID>
Option | Shortcut | Description |
---|---|---|
-id <hmac_ID> | -i | Specifies the numerical identifier of the HMAC message digest algorithm you want to use, as listed using stcconfig hmacshow |
-slot <slot_ID> | -s |
Specifies the slot containing the partition on which you want to allow or disallow an HMAC algorithm. This parameter is available only if you are logged into the HSM's Admin partition. |
Example
lunacm:> stcconfig hmacshow
This table lists the HMAC algorithms supported for STC links to the current slot.
Enabled algorithms are accepted during STC link negotiation with a client.
At least one HMAC algorithm must be enabled.
HMAC ID HMAC Name Enabled
__________________________________________________________________
0 HMAC with SHA 256 Bit No
1 HMAC with SHA 512 Bit Yes
Command Result : 0 (Success)
lunacm:> stcconfig hmacenable -id 0
HMAC with SHA 256 Bit for the current slot is now enabled.
Command Result : 0 (Success)