partition ciphershow
Shows the cipher suites available for cloning operations.
Multiple cipher suite options are available for use by Cloning Protocol version 4 (CPv4). When two CPv4 partitions begin a cloning operation, they negotiate for the strongest cipher suite available to both parties. You can affect the result by disabling some suites - all are enabled by default. Use the partition cipherenable and partition cipherdisable commands.
Cloning cipher suites for CPv4 have the following format:
CPv4 <signature><key agreement><symmetric>
CPv4 ECDSA-P521-SHA-512 ECDH-P521 AES-256-KWP
In addition, CPv3 has a single cipher suite, which can be disabled (enabled by default).
Cloning cipher suite for CPv3 has the following format:
CPv3 <key transport><symmetric>
CPv3 RSA-4096-PKCS-SHA-384 AES-256-GCM
If all cipher suites are disabled, cloning (including backup) is not possible for the partition and contents.
If Partition Policy 42 is set (allow CPv1), then CPv3 and CPv4 are disabled.
Syntax
partition ciphershow
Example using Luna HSM Firmware 7.9.0 or Newer
lunacm:>partition ciphershow

Cipher ID  Cipher Suite                                              Enabled
__________________________________________________________________________________
0          CPv3 RSA-4096-PKCS-SHA2-384 AES-256-GCM                   Yes
1          CPv4 ECDSA-P521-SHA2-512 ECDH-P521-SHA2-512 AES-256-GCM   Yes
2          CPv4 ECDSA-P521-SHA2-512 ECDH-P521-SHA2-512               Yes
           AES-256-CTR-HMAC-SHA2-512
3          CPv4 ECDSA-BP512-SHA2-512 ECDH-BP512-SHA2-512             Yes
           AES-256-GCM
4          CPv4 ECDSA-BP512-SHA2-512 ECDH-BP512-SHA2-512             Yes
           AES-256-CTR-HMAC-SHA2-512
5          CPv4 ECDSA-P521-SHA3-512 ECDH-P521-SHA3-512 AES-256-GCM   Yes
6          CPv4 ECDSA-P521-SHA3-512 ECDH-P521-SHA3-512               Yes
           AES-256-CTR-HMAC-SHA3-512
7          CPv4 ECDSA-BP512-SHA3-512 ECDH-BP512-SHA3-512             Yes
           AES-256-GCM
8          CPv4 ECDSA-BP512-SHA3-512 ECDH-BP512-SHA3-512             Yes
           AES-256-CTR-HMAC-SHA3-512
9          CPv4 ECDSA-P521-SHA2-512 ECDH-P521-ML-KEM1024-SHA2-512    Yes
           AES-256-GCM
10         CPv4 ECDSA-P521-SHA2-512 ECDH-P521-ML-KEM1024-SHA2-512    Yes
           AES-256-CTR-HMAC-SHA2-512
11         CPv4 ECDSA-BP512-SHA2-512                                 Yes
           ECDH-BP512-ML-KEM1024-SHA2-512 AES-256-GCM
12         CPv4 ECDSA-BP512-SHA2-512                                 Yes
           ECDH-BP512-ML-KEM1024-SHA2-512 AES-256-CTR-HMAC-SHA2-512
13         CPv4 ECDSA-P521-SHA3-512 ECDH-P521-ML-KEM1024-SHA3-512    Yes
           AES-256-GCM
14         CPv4 ECDSA-P521-SHA3-512 ECDH-P521-ML-KEM1024-SHA3-512    Yes
           AES-256-CTR-HMAC-SHA3-512
15         CPv4 ECDSA-BP512-SHA3-512                                 Yes
           ECDH-BP512-ML-KEM1024-SHA3-512 AES-256-GCM
16         CPv4 ECDSA-BP512-SHA3-512                                 Yes
           ECDH-BP512-ML-KEM1024-SHA3-512 AES-256-CTR-HMAC-SHA3-512

Command Result : No Error
Example using Luna HSM Firmware 7.8.9 or Older
lunacm:>partition ciphershow

Cipher ID  Cipher Suite                                              Enabled
__________________________________________________________________________________
0          CPv3 RSA-4096-PKCS-SHA-384 AES-256-GCM                    Yes
1          CPv4 ECDSA-P521-SHA-512 ECDH-P521-SHA512 AES-256-GCM      Yes
2          CPv4 ECDSA-P521-SHA-512 ECDH-P521-SHA512                  Yes
           AES-256-CTR-SHA256-HMAC
3          CPv4 ECDSA-BP521-SHA-512 ECDH-BP521-SHA512 AES-256-GCM    Yes
4          CPv4 ECDSA-BP521-SHA-512 ECDH-BP521-SHA512                Yes
           AES-256-CTR-SHA256-HMAC
5          CPv4 ECDSA-P521-SHA3-512 ECDH-P521-SHA3-512 AES-256-GCM   Yes
6          CPv4 ECDSA-P521-SHA3-512 ECDH-P521-SHA3-512               Yes
           AES-256-CTR-SHA256-HMAC
7          CPv4 ECDSA-BP521-SHA3-512 ECDH-BP521-SHA3-512             Yes
           AES-256-GCM
8          CPv4 ECDSA-BP521-SHA3-512 ECDH-BP521-SHA3-512             Yes
           AES-256-CTR-SHA256-HMAC

Command Result : No Error
The above list might change with time, as newer cipher suites are added, or others age out.
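Because the suite names wrap onto a second line in the output above, a script that audits the result of partition cipherenable and partition cipherdisable has to rejoin those rows before it can tell which suites are still enabled. The following is an added example, not Thales code: the function names are hypothetical, the sample text is constructed in the layout shown on this page, and the "No" value for a disabled suite is an assumption (the page only shows "Yes").

```python
import re

# Constructed sample in the layout shown on this page; the "No" value for a
# disabled suite is an assumption (the page only shows "Yes").
SAMPLE = """\
lunacm:>partition ciphershow

Cipher ID  Cipher Suite                                              Enabled
____________________________________________________________________________
0          CPv3 RSA-4096-PKCS-SHA2-384 AES-256-GCM                   No
1          CPv4 ECDSA-P521-SHA2-512 ECDH-P521-SHA2-512 AES-256-GCM   Yes
2          CPv4 ECDSA-P521-SHA2-512 ECDH-P521-SHA2-512               No
           AES-256-CTR-HMAC-SHA2-512
11         CPv4 ECDSA-BP512-SHA2-512                                 Yes
           ECDH-BP512-ML-KEM1024-SHA2-512 AES-256-GCM

Command Result : No Error
"""

# A row starts with the cipher ID and protocol; its last token is the Enabled flag.
ROW = re.compile(r"^\s*(\d+)\s+(CPv\d+)\s+(.*?)\s+(\S+)\s*$")

def parse_ciphershow(text):
    """Return [{'id', 'protocol', 'parts', 'enabled'}], joining wrapped rows."""
    suites = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            suites.append({"id": int(m.group(1)), "protocol": m.group(2),
                           "parts": m.group(3).split(),
                           "enabled": m.group(4) == "Yes"})
        elif suites and re.match(r"^\s+(ECDH|AES)-", line):
            # Continuation line: the rest of a suite name that wrapped.
            suites[-1]["parts"] += line.split()
    return suites

def audit(suites):
    """Summarise what a reviewer checks after cipherenable/cipherdisable."""
    on = [s for s in suites if s["enabled"]]
    return {
        "cloning_possible": bool(on),  # page: all disabled => no cloning/backup
        "cpv3_enabled": any(s["protocol"] == "CPv3" for s in on),
        "enabled_ids": [s["id"] for s in on],
        "ml_kem_ids": [s["id"] for s in on
                       if any("ML-KEM" in p for p in s["parts"])],
    }
```

Match suites between partitions by their parsed components rather than by Cipher ID or exact name, since the two firmware examples above spell the same kind of suite differently.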