ADC CLI Commands

ns-hmacKey

The following operations can be performed on “ns-hmacKey”:

unset set rm add show

unset ns hmacKey

Use this command to remove ns hmacKey settings. Refer to the set ns hmacKey command for the meanings of the arguments.

Synopsis

unset ns hmacKey <name> -comment

set ns hmacKey

Change an existing HMAC key.

Synopsis

set ns hmacKey <name> [-digest <digest>] [-keyValue <string>] [-comment <string>]

Arguments

name Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).

digest Digest (hash) function to be used in the HMAC computation.

Possible values: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512

keyValue The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:

MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes

Note that the key will be encrypted when it is saved.

There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.

comment Comments associated with this encryption key.

Example

set ns hmacKey my_hmac_key -keyValue f348c594341a840a1f641a1cf24aa24c15eb1317

rm ns hmacKey

Remove an HMAC key. There can be no existing HMAC() functions that use the key.

Synopsis

rm ns hmacKey <name>

Arguments

name Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).

Example

rm ns hmacKey my_hmac_key

add ns hmacKey

Create a key to be used in HMAC() policy functions.

Synopsis

add ns hmacKey <name> -digest <digest> [-keyValue <string>] [-comment <string>]

Arguments

name Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).

digest Digest (hash) function to be used in the HMAC computation.

Possible values: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512

keyValue The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:

MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes

Note that the key will be encrypted when it is saved.

There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.

comment Comments associated with this encryption key.

Example

add ns hmacKey my_hmac_key -digest sha1 -keyValue 0c753c6c5ef859189cacdf95b506d02c1797407d
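The following Python sketch is an added example, not Citrix code. It checks the arguments of an `add ns hmacKey` line against the rules stated above, and shows how a peer that shares the key could verify a tag in constant time. It assumes the appliance computes standard RFC 2104 HMAC; the function names `check_hmac_key` and `verify_tag` and the sample message are hypothetical.

```python
import hashlib
import hmac
import re

ADC_DIGESTS = ("MD2", "MD4", "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512")
LEGACY_DIGESTS = ("MD2", "MD4", "MD5", "SHA1")  # deprecated hash functions
MAX_KEY_BYTES = 255  # maximum key length stated on the page
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def check_hmac_key(name, digest, key_value):
    """Return the problems found in the arguments of an 'add ns hmacKey' line."""
    problems = []
    # Expression reserved words (SYS, HTTP, ...) are not checked: the page gives no full list.
    if not NAME_RE.fullmatch(name) or name in ("re", "xp"):
        problems.append("invalid name")
    if digest.upper() not in ADC_DIGESTS:
        problems.append("unknown digest")
    elif digest.upper() in LEGACY_DIGESTS:
        problems.append("legacy digest")
    if key_value != "AUTO":  # AUTO asks the appliance to generate a random key
        if not HEX_RE.fullmatch(key_value):
            problems.append("keyValue is not hex")
        elif len(key_value) // 2 > MAX_KEY_BYTES:
            problems.append("keyValue too long")
    return problems


def verify_tag(digest, key_value, message, tag_hex):
    """Check a hex tag over message (assumption: standard RFC 2104 HMAC)."""
    if digest.upper() in ("MD2", "MD4"):
        raise ValueError("digest not in hashlib's guaranteed set")
    key = bytes.fromhex(key_value)
    expected = hmac.new(key, message, digest.lower()).hexdigest()
    # compare_digest runs in constant time, so a mismatch leaks no position
    return hmac.compare_digest(expected.encode(), tag_hex.lower().encode("utf-8"))


if __name__ == "__main__":
    # Key copied from the example above; the message is constructed sample data.
    key = "0c753c6c5ef859189cacdf95b506d02c1797407d"
    print(check_hmac_key("my_hmac_key", "sha1", key))
    tag = hmac.new(bytes.fromhex(key), b"user=alice", "sha1").hexdigest()
    print(verify_tag("sha1", key, b"user=alice", tag))
    print(verify_tag("sha1", key, b"user=mallory", tag))
```
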

show ns hmacKey

Display configured HMAC keys.

Synopsis

show ns hmacKey [<name>]

Arguments

name Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).

Output

digest Digest (hash) function to be used in the HMAC computation.

keyValue The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:

MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes

Note that the key will be encrypted when it is saved.

There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.

comment Comments associated with this encryption key.

stateflag devno count
