partition showPolicies

Display the policies and capabilities of the specified partition. See Partition Capabilities and Policies for more information.

NOTE: This command requires Luna Appliance Software 7.8.1 or newer. It cannot be used on STC partitions; the Partition SO must use LunaCM at the client for partition management.

Each policy's current setting is displayed. For modifiable policies, the policy code is displayed for use when changing policies.

User Privileges

Users with the following privileges can perform this command:




partition showPolicies -partition <name> [-configonly] [-verbose]

Argument(s)   Shortcut   Description
-configonly   -c         List only the modifiable partition policies.
-partition    -p         The name of the partition for which policies will be displayed. To obtain a list of partitions, use the partition list command.
-verbose      -v         Display all partition policies, modifiable or not.


lunash:>partition showPolicies -partition myPartition -verbose

   Partition Name:                                myPartition
   Partition SN:                                 154438865353
   Partition Label:                               myPartition
   Partition Version:                                       0
   The following capabilities describe this partition and can
   never be changed.

   Description                              Value
   ===========                              =====
   Enable private key cloning               Allowed
   Enable private key wrapping              Allowed
   Enable private key unwrapping            Allowed
   Enable private key masking               Allowed
   Enable secret key cloning                Allowed
   Enable secret key wrapping               Allowed
   Enable secret key unwrapping             Allowed
   Enable secret key masking                Allowed
   Enable multipurpose keys                 Allowed
   Enable changing key attributes           Allowed
   Allow failed challenge responses         Allowed
   Enable operation without RSA blinding    Allowed
   Enable signing with non-local keys       Allowed
   Enable raw RSA operations                Allowed
   Max failed user logins allowed           10
   Enable high availability recovery        Allowed
   Enable activation                        Allowed
   Enable auto-activation                   Allowed
   Minimum pin length (inverted: 255 - min) 247
   Maximum pin length                       255
   Enable Key Management Functions          Allowed
   Enable RSA signing without confirmation  Allowed
   Enable private key unmasking             Allowed
   Enable secret key unmasking              Allowed
   Enable RSA PKCS mechanism                Allowed
   Enable CBC-PAD (un)wrap keys of any size Allowed
   Enable private key SFF backup/restore    Disallowed
   Enable secret key SFF backup/restore     Disallowed
   Enable enforcing Secure Trusted Channel  Allowed
   Enable Fast-Path                         Disallowed
   Enable Start/End Date Attributes         Allowed
   Enable Per-Key Authorization Data        Allowed
   Enable Partition Version                 Allowed
   Enable CPv1                              Allowed
   Enable non-FIPS algorithms               Allowed

   The following policies describe the current configuration
   of this partition and may be changed by the Partition Security Officer.

                 Code Description                                   Value Off-To-On On-To-Off

                  0   Allow private key cloning                      On      Yes       No
                  1   Allow private key wrapping                     Off     Yes       No
                  2   Allow private key unwrapping                   On      No        No
                  3   Allow private key masking                      Off     Yes       No
                  4   Allow secret key cloning                       On      Yes       No
                  5   Allow secret key wrapping                      On      Yes       No
                  6   Allow secret key unwrapping                    On      No        No
                  7   Allow secret key masking                       Off     Yes       No
                  10  Allow multipurpose keys                        On      Yes       No
                  11  Allow changing key attributes                  On      Yes       No
                  15  Ignore failed challenge responses              On      Yes       No
                  16  Operate without RSA blinding                   On      Yes       No
                  17  Allow signing with non-local keys              On      No        No
                  18  Allow raw RSA operations                       On      Yes       No
                  20  Max failed user logins allowed                 10      N/A       N/A
                  21  Allow high availability recovery               On      No        No
                  22  Allow activation                               On      No        No
                  23  Allow auto-activation                          On      No        No
                  25  Minimum pin length (inverted: 255 - min)       247     N/A       N/A
                  26  Maximum pin length                             255     N/A       N/A
                  28  Allow Key Management Functions                 On      Yes       No
                  29  Perform RSA signing without confirmation       On      Yes       No
                  31  Allow private key unmasking                    Off     No        No
                  32  Allow secret key unmasking                     Off     No        No
                  33  Allow RSA PKCS mechanism                       On      Yes       No
                  34  Allow CBC-PAD (un)wrap keys of any size        On      Yes       No
                  37  Force Secure Trusted Channel                   Off     No        Yes
                  39  Allow Start/End Date Attributes                Off     No        Yes
                  40  Require Per-Key Authorization Data             Off     Yes       Yes
                  41  Partition Version                               0      No        Yes
                  42  Allow CPv1                                     On      Yes       No
                  43  Allow non-FIPS algorithms                      On      Yes       No

Command Result : 0 (Success)
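
The policy table above can be checked against a configuration baseline once the output has been captured on an administration host. The following is an added example, not part of the original documentation or any vendor tooling: it parses the policy rows, undoes the inverted minimum PIN length (policy 25), and reports drift. The function names and the BASELINE values are hypothetical, and the sample text is an excerpt of the output shown above.

```python
import re

# Constructed sample: an excerpt of the example output shown above.
SAMPLE = """\
lunash:>partition showPolicies -partition myPartition -verbose

                 Code Description                                   Value Off-To-On On-To-Off

                  0   Allow private key cloning                      On      Yes       No
                  1   Allow private key wrapping                     Off     Yes       No
                  20  Max failed user logins allowed                 10      N/A       N/A
                  25  Minimum pin length (inverted: 255 - min)       247     N/A       N/A
                  43  Allow non-FIPS algorithms                      On      Yes       No

Command Result : 0 (Success)
"""

# Policy code, description, value, then the two change columns (kept verbatim).
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s{2,}(\S+)\s+(\S+)\s+(\S+)\s*$")
RESULT = re.compile(r"^\s*Command Result\s*:\s*(\d+)", re.M)

def parse_policies(text):
    """Return {code: fields} for every policy row; reject failed or truncated output."""
    m = RESULT.search(text)
    if m is None or m.group(1) != "0":
        raise ValueError("no 'Command Result : 0' line; output not trusted")
    fields = ("description", "value", "off_to_on", "on_to_off")
    return {int(r.group(1)): dict(zip(fields, r.groups()[1:]))
            for r in map(ROW.match, text.splitlines()) if r}

def min_pin_length(policies):
    """Policy 25 is displayed inverted (255 - min), so undo the inversion."""
    return 255 - int(policies[25]["value"])

def find_drift(policies, baseline):
    """List (code, actual, expected) for each baseline entry that does not match."""
    drift = []
    for code, expected in sorted(baseline.items()):
        actual = policies[code]["value"] if code in policies else "<missing>"
        if actual != expected:
            drift.append((code, actual, expected))
    return drift

# Hypothetical baseline for illustration; substitute your own approved settings.
BASELINE = {1: "Off", 20: "10", 25: "247", 43: "Off"}

if __name__ == "__main__":
    current = parse_policies(SAMPLE)
    print("effective minimum PIN length:", min_pin_length(current))
    for code, actual, expected in find_drift(current, BASELINE):
        name = current.get(code, {}).get("description", "?")
        print(f"policy {code} ({name}): {actual}, expected {expected}")
```

Capability rows are skipped because they do not begin with a numeric policy code, so only the modifiable policy table is compared.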