hsm stc cipher disable

Disable the use of a symmetric encryption cipher algorithm for data encryption on the secure trusted channel (STC) admin channel.The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.

NOTE   The STC admin channel is configurable using Luna Appliance Software 7.4.0 and older, and Luna HSM Firmware 7.4.2 and older. This feature is not available in Luna HSM Firmware 7.7.0 and newer.

All data transmitted over the STC link will be encrypted using the cipher that is both enabled and that offers the highest level of security. For example, if AES 192 and AES 256 are enabled, and AES 128 is disabled, AES 256 will be used. You can use the command hsm stc cipher show to show which ciphers are currently enabled/disabled.

NOTE   Performance is reduced for larger ciphers.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

hsm stc cipher disable {-all | -id <cipher_id>} [-force]

Argument(s) Shortcut Description
-all -a Disable all ciphers.
-id <cipher_id> -i Specifies the numerical identifier of the cipher you want to disable, as listed using the command hsm stc cipher show.
-force -f Force the action without prompting.

Example

lunash:>hsm stc cipher disable -id 3

AES 256 Bit with Cipher Block Chaining is now disabled.


Command Result : 0 (Success)