stc cipher disable
Disable the use of a symmetric encryption cipher algorithm for data encryption on an STC link. All data transmitted over the STC link will be encrypted using the cipher that is both enabled and that offers the highest level of security. For example, if AES 192 and AES 256 are enabled, and AES 128 is disabled, AES 256 will be used. You can use the command stc cipher show to show which ciphers are currently enabled/disabled.
NOTE Secure Trusted Channel (STC) changes format for Luna 7.7.0 and newer.
Lunash commands used by the HSM SO for STC are described here for Luna 7.4.x and lower, and are discontinued for HSMs at 7.7.0 and later.
For Luna 7.7.0 and newer, only the Partition SO can configure these STC options with lunacm commands (see stcconfig ), after the partition is initialized.
Disabling all of the ciphers turns off symmetric encryption on the link.
You must be logged in as the HSM SO to use this command.
NOTE Performance is reduced for larger ciphers.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
stc cipher disable -partition <partition_name> {-all | -id <cipher_id>} [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -all | -a | Disable all ciphers |
| -force | -f | Force the action without prompting |
| -id <cipher_id> | -i |
Specifies the numerical identifier of the cipher you want to disable, as listed using the command stc cipher show. Valid values: 1,2,3 |
| -partition <partition_name> |
-p |
Specifies the name of the partition on which to disable the cipher(s). |
Example
lunash:>stc cipher disable -partition partition2 -id 2 AES 192 Bit with Cipher Block Chaining is now disabled. Command Result : 0 (Success)
