stc hmac disable

Disable the use of an HMAC message digest algorithm for message integrity verification on an STC link. The HMAC algorithm that is both enabled and that offers the highest level of security is used. For example, if SHA 256 and SHA 512 are enabled, SHA 512 is used. You can use the command stc hmac show to show which HMAC message digest algorithms are currently enabled/disabled.

NOTE   Secure Trusted Channel (STC) changes format for Luna 7.7.0 and newer.

Lunash commands used by the HSM SO for STC are described here for Luna 7.4.x and lower, and are discontinued for HSMs at 7.7.0 and later.

For Luna 7.7.0 and newer, only the Partition SO can configure these STC options with lunacm commands (see  stcconfig ), after the partition is initialized.

All STC links use message integrity verification, so at least one HMAC algorithm must be enabled.

You must be logged in as the HSM SO to use this command.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

stc hmac disable -partition <partition_name> -id <hmac_id>

Argument(s) Shortcut Description
-partition <partition_name>

-p

Specifies the partition for which you want to disable an HMAC algorithm.
-id <hmac_id> -i Specifies the numerical identifier of the HMAC algorithm you want to disable, as listed using the command stc hmac show.

Example

lunash:>stc hmac disable -partition partition2 -id 1

HMAC with SHA 512 Bit is now disabled.


Command Result : 0 (Success)