Managing STC Tokens and Identities
Each SafeNet Luna HSM client and partition (including the HSM SO partition and, for the admin channel link, the SafeNet Luna Network HSM operating system) that serves as an STC endpoint has a unique identity, defined by a 2048-bit RSA asymmetric public/private key pair. The STC identity key pair is stored in the STC token associated with the client or partition. Before STC can create secure tunnels, trust must be established between the client and the partition through the exchange of public keys.
Partition tokens and identities are created automatically.
Client tokens and identities are created manually, using LunaCM. The Client can use either a software token (the default) or a SafeNet eToken 7300 Hardware Token (see Using a Hard Token to Store the STC Client Identity).
Under normal operating conditions, you should not need to recreate the STC tokens or identities. If, however, you want or need to re-create the STC tokens or identities for operational or security reasons, STC provides commands to do so, as follows:
Client Tokens and Identities
Refer to the following commands in the LunaCM Command Reference Guide:
Command | Description |
---|---|
stc identitycreate | Create a client identity on the STC client token. See stc identitycreate. |
stc identitydelete | Delete a client identity from the STC identity token. See stc identitydelete. |
stc identityexport | Export the STC client identity to a file. See stc identityexport. |
stc identityshow | Display the client name, public key hash, and registered partitions for the STC client token. See stc identityshow. |
stc partitionderegister | Remove a partition identity from the STC client token. See stc partitionderegister. |
stc partitionregister | Register a partition to the STC client token. See stc partitionregister. |
stc tokeninit | Initialize a client token. See stc tokeninit. |
stc tokenlist | List the available STC client identity tokens. See stc tokenlist. |
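The trust model described above, as an added Go example that is not part of the Thales documentation and not LunaCM's own code: a hypothetical Token type models identity creation, export, the public key hash that identityshow displays, and partition registration with the out-of-band hash comparison an operator should make before trusting an exported key file. SHA-256 over the DER-encoded public key is an assumption; the page does not name the hash algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

// Token is a hypothetical model of an STC token (not LunaCM's implementation):
// one 2048-bit RSA identity plus the peer public keys registered to it.
type Token struct {
	key   *rsa.PrivateKey
	Peers map[string]*rsa.PublicKey // registered peer identities, keyed by name
}
// NewToken stands in for "stc tokeninit" followed by "stc identitycreate".
func NewToken() (*Token, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Token{key: k, Peers: map[string]*rsa.PublicKey{}}, nil
}
// Fingerprint is identityshow's "public key hash"; SHA-256 over the DER SPKI is an assumption.
func Fingerprint(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an RSA key
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}
// Export stands in for identityexport plus identityshow: the DER key file for the peer, and the hash read out of band.
func (t *Token) Export() (der []byte, hash string) {
	der, _ = x509.MarshalPKIXPublicKey(&t.key.PublicKey)
	return der, Fingerprint(&t.key.PublicKey)
}
// Register stands in for "stc partitionregister" with the operator's check: the received
// file must hash to the value shown by the peer's own identityshow, or an impostor key could be registered.
func (t *Token) Register(peer string, derPub []byte, expectedHash string) error {
	pub, err := x509.ParsePKIXPublicKey(derPub)
	rsaPub, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok || rsaPub.N.BitLen() != 2048 {
		return errors.New("STC identities are 2048-bit RSA public keys")
	}
	if Fingerprint(rsaPub) != expectedHash {
		return errors.New("public key hash mismatch, not registering " + peer)
	}
	t.Peers[peer] = rsaPub // trust established; partitionderegister would delete it
	return nil
}
```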
STC Admin Channel Identity
Refer to the following commands in the LunaSH Command Reference Guide:
Command | Description |
---|---|
hsm stc identity create | Create an STC client identity for the STC admin channel. See hsm stc identity create. |
hsm stc identity delete | Delete the STC admin channel client identity. See hsm stc identity delete. |
hsm stc identity initialize | Initialize the STC admin channel client token. See hsm stc identity initialize. |
hsm stc identity partition deregister | Remove the HSM SO partition identity public key that is currently registered with the STC admin channel client token. See hsm stc identity partition deregister. |
hsm stc identity partition register | Register the HSM SO partition identity public key with the STC admin channel client token. See hsm stc identity partition register. |
hsm stc identity show | Display the client name, public key hash, and registered partitions for the STC admin channel client token. See hsm stc identity show. |