hsm stc identity delete
Delete the client identity from the STC admin channel identity token. The STC admin channel is local to the appliance, and is used to transmit data between the local services and applications running on the appliance (such as LunaSH, NTLS, and the STC service) and the HSM SO partition.
NOTE The STC admin channel is configurable using Luna Appliance Software 7.4.0 and older, and Luna HSM Firmware 7.4.2 and older. This feature is not available in Luna HSM Firmware 7.7.0 and newer.
This command, in conjunction with hsm stc identity create allows you to re-generate the token identity key pair if required for security reasons (for example, if the token is compromised), or for administrative reasons (for example, to perform a key rotation).
This command does the following, in the order specified:
1.Deletes the LunaSH STC client identity public key in the HSM SO partition.
2.Deletes the HSM SO partition identity.
3.Deletes the LunaSH STC client identity.
If any of the identities fail to be deleted, the command will report the failure but will continue to delete the client identity.
NOTE To protect the integrity of any existing STC links, you cannot execute this command if HSM policy 39: Allow Secure Trusted Channel is enabled.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
stc identity delete [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting. |
Example
lunash:>stc identity delete Are you sure you want to delete the client identity HsmClientId? All registered HSM partitions will no longer be available to this client token. Type 'proceed' to continue, or 'quit' to quit now. > proceed Successfully deleted client identity. Command Result : 0 (Success)