Crypto commands

Crypto mode provides the commands to manage cryptographic resources on the DataPower® Gateway.

To enter this mode, use the crypto command in Global configuration mode.

While in this mode, use the commands in the following table to manage cryptographic resources.

To exit this mode and save changes to the running configuration, use the exit command.

Table 1. Cryptographic commands
| Command | Purpose |
| --- | --- |
| authcookie-cache-delete | This command deletes AuthCookie cache entries. |
| certificate | This command creates an alias for an X.509 certificate. |
| cert-monitor | This command enters Certificate Monitor mode. |
| convert-certificate | This command converts a certificate alias to a specific output format and writes it to a file. |
| convert-key | This command converts a private key alias to a specific output format and writes it to a file. |
| cookie-attribute-policy | This command enters Cookie Attribute Policy mode. |
| create-luna-clientcert | This command creates the Luna client certificate and key pair for the DataPower Gateway. |
| crl | This command enters CRL mode to create or modify a CRL update policy. |
| crypto-export | This command creates an export package that contains a certificate or key. |
| crypto-hw-disable | This command schedules how many aspects of the cryptographic card to disable for the next firmware reload. |
| crypto-import | This command imports an export package that contains a certificate or key. |
| crypto-mode-set | This command sets the appliance-wide cryptographic mode for the next firmware reload. |
| fwcred | This command enters Firewall Credentials mode. |
| hsm-clone-kwk | This command clones a key wrapping key between HSM-equipped appliances. |
| hsm-delete-key | This command deletes a key from the HSM (Hardware Security Module). |
| hsm-reinit | This command schedules an HSM reinitialization for the next restart. When the appliance restarts, initialization destroys all data on the HSM. |
| hsm-set-role | This command specifies that the FIPS 140-2 role is Crypto User (CU) or Crypto Officer (CO). |
| idcred | This command creates identification credentials. |
| import-luna-clientcert | This command imports an existing Luna client certificate-key pair for the DataPower Gateway. |
| jose-recipient-identifier | This command enters Recipient Identifier mode. |
| jose-signature-identifier | This command enters Signature Identifier mode. |
| jwe-header | This command enters JWE Header mode. |
| jwe-recipient | This command enters JWE Recipient mode. |
| jws-signature | This command enters JWS Signature mode. |
| jwt-generator | This command enters JWT Generator mode. |
| jwt-validator | This command enters JWT Validator mode. |
| kerberos-kdc | This command enters Kerberos KDC Server mode. |
| kerberos-keytab | This command enters Kerberos Keytab mode. |
| kerberos-ticket-delete | This command deletes Kerberos tickets from the cache. |
| key | This command creates an alias for a private key. |
| keygen | This command generates a public-private key pair and a CSR (certificate signing request) for a server. |
| oauth-cache-delete | This command deletes the data for an OAuth client from the OAuth cache. |
| password-map | This command manages the mapping of encrypted passwords to password aliases in a password map file. |
| social-login-policy | This command enters Social Login Policy mode. |
| sshclientprofile | This command enters SSH Client Profile mode. |
| sskey | This command creates an alias for a shared secret key. |
| ssl-client | This command enters SSL Client Profile mode. |
| ssl-server | This command enters SSL Server Profile mode. |
| ssl-sni-mapping | This command enters SSL Host Name Mapping mode. |
| ssl-sni-server | This command enters SSL SNI Server Profile mode. |
| test password-map | This command tests the association between an encrypted password alias and a file. |
| valcred | This command enters Validation Credentials mode. |