stc rekeyThreshold set

Set the rekey threshold for the symmetric key used to encrypt data on an STC link. The symmetric key is used to encode the number of messages specified by the threshold value, after which it is regenerated and the counter is reset to 0.

NOTE: Secure Trusted Channel (STC) changes format for Luna HSM Firmware 7.7.0; LunaSH commands used by the HSM SO for STC are described here for Luna HSM Firmware 7.4.2 and older, and are discontinued for Luna HSM Firmware 7.7.0 and newer.

For Luna HSM Firmware 7.7.0 and newer, only the Partition SO can configure these STC options, using LunaCM (see stcconfig) after the partition is initialized.

The default of 400 million messages would force a rekeying operation once every 24 hours on an HSM under heavy load (processing approximately 5000 messages/second), or once a week for an HSM under light load (processing approximately 700 messages/second).

You must be logged in as the HSM SO to use this command.

User Privileges

Users with the following privileges can perform this command:

- Admin
- Operator

Syntax

stc rekeyThreshold set -partition <partition> -value <threshold>

| Argument(s) | Shortcut | Description |
|---|---|---|
| -partition <partition_name> | -p | Specifies the name of the partition for which you want to specify the STC rekey threshold. |
| -value <threshold> | -v | An integer that specifies the key life (in millions of encoded messages) for the STC symmetric key. Enter a value of 0 to disable rekeying. Range: 0 to 4000 million messages. Default: 400 million messages. |

Example

lunash:>stc rekeyThreshold set -partition partition2 -value 200

Successfully changed the rekey threshold for partition partition2 to 200 million messages.


Command Result : 0 (Success)
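
The relationship between message rate, threshold and rekey interval described above can be turned into a sizing check. The following is an added example, not Thales code: it converts an observed message rate and a target key lifetime into a `-value` setting inside the documented range. The function names, the steady-rate assumption and the sample rate of 50 messages/second are assumptions made for illustration.

```python
# Added sizing helper (not Thales code). Limits come from the argument table:
# the value is in millions of messages, range 0-4000, and 0 disables rekeying.
import math

MAX_THRESHOLD_M = 4000      # upper bound of the documented range
DEFAULT_THRESHOLD_M = 400   # documented default


def rekey_interval_hours(threshold_m, msgs_per_sec):
    """Hours between rekeys for a threshold (in millions) at a steady rate."""
    if threshold_m == 0:
        return math.inf  # 0 disables rekeying: the key is never regenerated
    if not 0 < threshold_m <= MAX_THRESHOLD_M:
        raise ValueError("threshold must be 0..4000 (millions of messages)")
    if msgs_per_sec <= 0:
        raise ValueError("message rate must be positive")
    return threshold_m * 1_000_000 / msgs_per_sec / 3600


def threshold_for_max_key_life(msgs_per_sec, max_hours):
    """Largest threshold that rekeys at least every max_hours.

    On very quiet links the result is clamped to 1 (the smallest value that
    still rekeys), so the real interval can exceed max_hours.
    """
    if msgs_per_sec <= 0 or max_hours <= 0:
        raise ValueError("rate and key life must be positive")
    wanted = math.floor(msgs_per_sec * max_hours * 3600 / 1_000_000)
    # Never return 0: that would disable rekeying instead of tightening it.
    return max(1, min(wanted, MAX_THRESHOLD_M))


def lunash_command(partition, threshold_m):
    """Build the command line in the syntax shown on this page."""
    if not isinstance(threshold_m, int) or not 0 <= threshold_m <= MAX_THRESHOLD_M:
        raise ValueError("threshold must be an integer from 0 to 4000")
    return f"stc rekeyThreshold set -partition {partition} -value {threshold_m}"


if __name__ == "__main__":
    # Constructed sample loads; 5000 and 700 msg/s are the rates quoted above.
    for rate in (5000, 700, 50):
        value = threshold_for_max_key_life(rate, max_hours=24)
        hours = rekey_interval_hours(value, rate)
        print(f"{rate:>5} msg/s -> {lunash_command('partition2', value)}"
              f"  (rekey every {hours:.1f} h)")
```

Run `rekey_interval_hours` with the threshold currently configured to confirm how long a single symmetric key actually stays in use at the link's measured rate.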