ns-hmacKey
The following operations can be performed on "ns-hmacKey":
add ns hmacKey
Create a key to be used in HMAC() policy functions.
Synopsis
add ns hmacKey <name> -digest <digest> [-keyValue ] [-comment <string>]
Arguments
name
Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).
digest
Digest (hash) function to be used in the HMAC computation.
Possible values: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512
keyValue
The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:
MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes
Note that the key will be encrypted when it is saved.
There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.
comment
Comments associated with this encryption key.
Example
add ns hmacKey my_hmac_key -digest sha1 -keyValue 0c753c6c5ef859189cacdf95b506d02c1797407d
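A pre-flight check for the arguments described above, as an added example rather than Citrix code: it applies the name rules, the documented digest list, the 255-byte limit and the per-digest sizes from this page to a candidate key, and can build an add ns hmacKey line with a fresh random key. The function names, the case-insensitive treatment of re/xp and the flagging of MD2, MD4, MD5 and SHA1 as legacy are assumptions of the example.

```python
import re
import secrets

# Sizes in bytes, copied from the keyValue description on this page.
PAGE_SIZES = {"MD2": 16, "MD4": 16, "MD5": 16, "SHA1": 20,
              "SHA224": 28, "SHA256": 32, "SHA384": 48, "SHA512": 64}
MAX_KEY_BYTES = 255                      # ADC-imposed maximum from this page
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
# Assumption: local policy choice for this example, not a rule from the page.
LEGACY_DIGESTS = {"MD2", "MD4", "MD5", "SHA1"}


def check_hmac_key(name, digest, key_hex):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    # Reserved expression words (SYS, HTTP, ...) are not checked here.
    if not NAME_RE.match(name) or name.lower() in ("re", "xp"):
        findings.append("name: violates expression entity naming rules")
    digest = digest.upper()
    if digest not in PAGE_SIZES:
        return findings + ["digest: not one of the documented values"]
    if digest in LEGACY_DIGESTS:
        findings.append("digest: legacy hash, prefer SHA256 or stronger")
    if key_hex.upper() == "AUTO":
        return findings                  # the appliance generates the key itself
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        return findings + ["keyValue: not valid hex"]
    size = PAGE_SIZES[digest]
    if len(key) > MAX_KEY_BYTES:
        findings.append("keyValue: longer than 255 bytes")
    elif len(key) > size:
        findings.append(f"keyValue: {len(key)} bytes, will be hashed down to {size}")
    elif len(key) < size:
        findings.append(f"keyValue: {len(key)} bytes, will be zero padded to {size}")
    return findings


def new_key_command(name, digest="SHA256"):
    """Build an 'add ns hmacKey' line with a fresh random key of the listed size."""
    key_hex = secrets.token_hex(PAGE_SIZES[digest.upper()])
    return f"add ns hmacKey {name} -digest {digest} -keyValue {key_hex}"
```

Run against the example key above, the check reports only the legacy-digest finding, since that key is exactly 20 bytes.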
set ns hmacKey
Change an existing HMAC key.
Synopsis
set ns hmacKey <name> [-digest <digest>] [-keyValue ] [-comment <string>]
Arguments
name
Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).
digest
Digest (hash) function to be used in the HMAC computation.
Possible values: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512
keyValue
The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:
MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes
Note that the key will be encrypted when it is saved.
There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.
comment
Comments associated with this encryption key.
Example
set ns hmacKey my_hmac_key -keyValue f348c594341a840a1f641a1cf24aa24c15eb1317
unset ns hmacKey
Use this command to remove ns hmacKey settings. Refer to the set ns hmacKey command for meanings of the arguments.
Synopsis
unset ns hmacKey <name> -comment
rm ns hmacKey
Remove an HMAC key. There can be no existing HMAC() functions that use the key.
Synopsis
rm ns hmacKey <name>
Arguments
name
Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).
Example
rm ns hmacKey my_hmac_key
show ns hmacKey
Display configured HMAC keys.
Synopsis
show ns hmacKey [<name>]
Arguments
name
Key name. This follows the same syntax rules as other expression entity names: It must begin with an alpha character (A-Z or a-z) or an underscore (_). The rest of the characters must be alpha, numeric (0-9) or underscores. It cannot be re or xp (reserved for regular and XPath expressions). It cannot be an expression reserved word (e.g. SYS or HTTP). It cannot be used for an existing expression object (HTTP callout, patset, dataset, stringmap, or named expression).
Output
digest
Digest (hash) function to be used in the HMAC computation.
keyValue
The hex-encoded key to be used in the HMAC computation. The key can be any length (up to a Citrix ADC-imposed maximum of 255 bytes). If the length is less than the digest block size, it will be zero padded up to the block size. If it is greater than the block size, it will be hashed using the digest function to the block size. The block size for each digest is:
MD2 - 16 bytes
MD4 - 16 bytes
MD5 - 16 bytes
SHA1 - 20 bytes
SHA224 - 28 bytes
SHA256 - 32 bytes
SHA384 - 48 bytes
SHA512 - 64 bytes
Note that the key will be encrypted when it is saved.
There is a special key value AUTO which generates a new random key for the specified digest. This kind of key is intended for use cases where the NetScaler both generates and verifies an HMAC on the same data.
comment
Comments associated with this encryption key.
stateflag
devno
count