hsm showpolicies

Displays the HSM-level capability and policy settings for the HSM. Include the -exporttemplate option to export the current state of all HSM policies to a policy template.

NOTE   Some mechanisms (such as KCDSA) are not enabled unless you have purchased and installed the required Secure Capability Update package. If you require a particular mechanism, and do not see it listed when you generate a mechanism list for your SafeNet Luna HSM, contact SafeNet Support.

NOTE   The LunaCM hsm commands appear only when the current slot selected in LunaCM is the initialized HSM's administrative partition.

Syntax

hsm showpolicies [-exporttemplate <filepath/filename>]

Argument(s) Short Description
-exporttemplate <filepath/filename> -et

Export the current state of all HSM policies to a policy template in the specified location.

Examples

lunacm:>hsm showpolicies
        HSM Capabilities
                 0: Enable PIN-based authentication : 1
                 1: Enable PED-based authentication : 0
                 2: Performance level : 15
                 4: Enable domestic mechanisms & key sizes : 1
                 6: Enable masking : 1
                 7: Enable cloning : 1
                 8: Enable special cloning certificate : 0
                 9: Enable full (non-backup) functionality : 1
                12: Enable non-FIPS algorithms : 1
                15: Enable SO reset of partition PIN : 1
                16: Enable network replication : 1
                17: Enable Korean Algorithms : 0
                18: FIPS evaluated : 0
                19: Manufacturing Token : 0
                20: Enable Remote Authentication : 1
                21: Enable forcing user PIN change : 1
                22: Enable offboard storage : 1
                23: Enable partition groups : 0
                25: Enable remote PED usage : 0
                26: Enable External Storage of MTK Split : 0
                27: HSM non-volatile storage space : 2097152
                29: Enable Acceleration : 1
                30: Enable unmasking : 0
                31: Enable FW5 compatibility mode : 0
                33: Maximum number of partitions : 20
                34: Enable ECIES support : 0
                35: Enable Single Domain : 1
                36: Enable Unified PED Key : 1
                37: Enable MofN : 1
                38: Enable small form factor backup/restore : 0
                39: Enable Secure Trusted Channel : 1
                40: Enable decommission on tamper : 0
                41: Enable Per-Partition SO : 1
                42: Enable partition re-initialize : 1

        HSM Policies
                 0: PIN-based authentication : 1
                 1: PED-based authentication : 0
                 6: Allow masking : 1
                 7: Allow cloning : 1
                12: Allow non-FIPS algorithms : 1
                15: SO can reset partition PIN : 1
                16: Allow network replication : 1
                20: Allow Remote Authentication : 1
                21: Force user PIN change after set/reset : 0
                22: Allow offboard storage : 1
                23: Allow partition groups : 0
                25: Allow remote PED usage : 0
                26: Store MTK Split Externally : 0
                29: Allow Acceleration : 1
                30: Allow unmasking : 0
                31: Allow FW5 compatibility mode : 0
                33: Current maximum number of partitions : 20
                34: Allow ECIES support : 0
                35: Force Single Domain : 0
                36: Allow Unified PED Key : 0
                37: Allow MofN : 1
                38: Allow small form factor backup/restore : 0
                39: Allow Secure Trusted Channel : 0
                40: Allow decommission on tamper : 0
                42: Allow partition re-initialize : 0


Command Result : No Error