可以有选择地禁用硬件提供器的机制和随机数功能。要再次启用它们,请参见示例 14–24。
列出板中可用的机制和功能。
% cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is enabled. |
成为超级用户或承担包括加密管理权限配置文件的角色。
要创建包括加密管理权限配置文件的角色并将该角色指定给用户,请参见示例 9–7。
选择要禁用的机制或功能:
禁用选择的机制。
# cryptoadm list -m provider=dca/0 dca/0: CKM_MD5,CKM_MD5_HMAC,CKM_MD5_HMAC_GENERAL,… CKM_DES_ECB,CKM_DES3_ECB… random is enabled. # cryptoadm disable provider=dca/0 mechanism=CKM_DES_ECB,CKM_DES3_ECB # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled except CKM_DES_ECB,CKM_DES3_ECB. random is enabled. |
禁用随机数生成器。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is enabled. # cryptoadm disable provider=dca/0 random # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is disabled. |
禁用所有机制。不禁用随机数生成器。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is enabled. # cryptoadm disable provider=dca/0 mechanism=all # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are disabled. random is enabled. |
禁用硬件的每种功能和机制。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is enabled. # cryptoadm disable provider=dca/0 all # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are disabled. random is disabled. |
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled except CKM_DES_ECB,CKM_DES3_ECB. random is enabled. # cryptoadm enable provider=dca/0 mechanism=CKM_DES3_ECB # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled except CKM_DES_ECB. random is enabled. |
在以下示例中,将仅启用随机数生成器。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,…. random is disabled. # cryptoadm enable provider=dca/0 random # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,…. random is enabled. |
在以下示例中,将仅启用机制。将继续禁用随机生成器。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,…. random is disabled. # cryptoadm enable provider=dca/0 mechanism=all # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is disabled. |
在以下示例中,将启用板中的所有功能和机制。
# cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled, except CKM_DES_ECB,CKM_DES3_ECB. random is disabled. # cryptoadm enable provider=dca/0 all # cryptoadm list -p provider=dca/0 dca/0: all mechanisms are enabled. random is enabled. |