To regenerate encryption and hashing keys, use the –E and –H options respectively. The existing encryption key or HMAC key would be invalidated and replaced. You can regenerate these keys separately or together by specifying both options in the single command.
The HMAC type affects the behavior of the –H key regeneration option. If you regenerate the keys without specifying the HMAC type, existing hash keys are destroyed, and only the hash key for the current HMAC type configuration for that service or client is generated.
Consider the following command use cases:
$ installadm set-entity -H
If the current HMAC type is SHA1, the command destroys current keys and generates SHA1 keys.
$ installadm set-entity -f hmac-sha256 -H
If the current HMAC type is SHA1, the command destroys current keys and generates SHA256 keys.
Note that the –H option is for key regeneration only. An error would occur if you use the option while no keys actually exist.