System Administration Guide: Security Services

How to Disable Hardware Provider Mechanisms and Features

You can selectively disable the mechanisms and the random number feature of a hardware provider. To enable them again, see Example 14–24.

  1. List the mechanisms and features that are available from the board.


    % cryptoadm list -p provider=dca/0
    
    dca/0: all mechanisms are enabled. random is enabled.
  2. Become superuser or assume a role that includes the Crypto Management rights profile.

    To create a role that includes the Crypto Management rights profile and assign the role to a user, see Example 9–7.

  3. Choose the mechanisms or feature to disable:

    • Disable selected mechanisms.


      # cryptoadm list -m provider=dca/0
      
      dca/0: CKM_MD5,CKM_MD5_HMAC,CKM_MD5_HMAC_GENERAL,…
      
      CKM_DES_ECB,CKM_DES3_ECB…
      
      random is enabled.
      
      # cryptoadm disable provider=dca/0 mechanism=CKM_DES_ECB,CKM_DES3_ECB
      
      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are enabled except CKM_DES_ECB,CKM_DES3_ECB.
      
      random is enabled.
    • Disable the random number generator.


      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are enabled. random is enabled.
      
      # cryptoadm disable provider=dca/0 random
      
      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are enabled. random is disabled.
    • Disable all mechanisms. Do not disable the random number generator.


      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are enabled. random is enabled.
      
      # cryptoadm disable provider=dca/0 mechanism=all
      
      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are disabled. random is enabled.
    • Disable every feature and mechanism on the hardware.


      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are enabled. random is enabled.
      
      # cryptoadm disable provider=dca/0 all
      
      # cryptoadm list -p provider=dca/0
      
      dca/0: all mechanisms are disabled. random is disabled.

Example 14–24 Enabling Mechanisms and Features on a Hardware Provider

In the following example, disabled mechanisms on a single piece of hardware are selectively enabled.


# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled except CKM_DES_ECB,CKM_DES3_ECB.

random is enabled.

# cryptoadm enable provider=dca/0 mechanism=CKM_DES3_ECB

# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled except CKM_DES_ECB. random is enabled.

In the following example, only the random number generator is enabled.


# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,…. 

random is disabled.

# cryptoadm enable provider=dca/0 random

# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,….

random is enabled.

In the following example, only the mechanisms are enabled. The random generator remains disabled.


# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,…. 

random is disabled.

# cryptoadm enable provider=dca/0 mechanism=all

# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled. random is disabled.

In the following example, every feature and mechanism on the board is enabled.


# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled, except CKM_DES_ECB,CKM_DES3_ECB.

random is disabled.

# cryptoadm enable provider=dca/0 all

# cryptoadm list -p provider=dca/0

dca/0: all mechanisms are enabled. random is enabled.
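
To confirm that a disable or enable command left the provider in the intended state, the `cryptoadm list -p` output can be checked by script. The following is an added example, not part of the original guide: the function names `mech_disabled`, `random_state` and `audit_policy` are hypothetical, and the sample text is constructed from the output format shown on this page.

```shell
# Added example (not from the guide): audit `cryptoadm list -p` output.
# Live use: audit_policy "$(cryptoadm list -p provider=dca/0)" "CKM_DES_ECB" enabled

# Constructed samples in the output format shown on this page.
SAMPLE_DEFAULT='dca/0: all mechanisms are enabled. random is enabled.'
SAMPLE_HARDENED='dca/0: all mechanisms are enabled except CKM_DES_ECB,CKM_DES3_ECB.

random is enabled.'

# mech_disabled POLICY MECH: succeeds if MECH is disabled in the policy text.
mech_disabled() {
    policy=$(printf '%s' "$1" | tr '\n' ' ')
    case $policy in
        *"all mechanisms are disabled"*) return 0 ;;
        *"all mechanisms are enabled"*" except "*)
            list=${policy#*" except "}   # text after "except "
            list=${list%%.*}             # exception list ends at the period
            case ",$list," in *",$2,"*) return 0 ;; esac ;;
    esac
    return 1
}

# random_state POLICY: prints enabled, disabled, or unknown.
random_state() {
    case $(printf '%s' "$1" | tr '\n' ' ') in
        *"random is disabled"*) echo disabled ;;
        *"random is enabled"*)  echo enabled ;;
        *)                      echo unknown ;;
    esac
}

# audit_policy POLICY "MECH ..." WANT_RANDOM
# Reports each deviation; exit status is the number of findings.
audit_policy() {
    findings=0
    for mech in $2; do
        if ! mech_disabled "$1" "$mech"; then
            echo "FINDING: $mech is still enabled"
            findings=$((findings + 1))
        fi
    done
    if [ "$(random_state "$1")" != "$3" ]; then
        echo "FINDING: random is $(random_state "$1"), expected $3"
        findings=$((findings + 1))
    fi
    return "$findings"
}

audit_policy "$SAMPLE_DEFAULT" "CKM_DES_ECB CKM_DES3_ECB" enabled || echo "$? finding(s)"
```

Mechanism names are matched as whole comma-separated entries, so `CKM_DES_ECB` in the exception list does not count as `CKM_DES3_ECB` being disabled.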