ASE2000 V2 Communication Test Set User Manual 170
26.5.3. DNP3 – Update Keys Overview
Central to DNP3 Secure Authentication is the concept of a pre-shared key called the Update
Key. The Update Key is used to encrypt dynamically created and exchanged Session Keys.
Session Keys are temporary in that new Session Keys are created and exchanged under various
circumstances dictated by the DNP3 Secure Authentication Speciîš¿cation. The speciîš¿cation does
not deîš¿ne a mechanism for the creation and exchange of the Update Key.
The Update Key is the key that must be guarded carefully; knowledge of this key gives you
complete access to DNP3 Secure Authentication. Each organization has procedures and policies
regarding the creation of exchange the Update Keys.
A menu for Update key information entry is accessed by selecting the Manage Update Keys
option from the DNP3 SAv2 or SAv5 sub-tab menu.
The speciîš¿cation deîš¿nes three types of Update Keys, identiîš¿ed by a non-zero User ID. Only one
key need be entered to use Secure Authentication, but this key must be the same as used by the
device to which the ASE2000 communicates. The three types, identiîš¿ed by User ID, are:
Master Key – is a single update key used that can be used for all communication and is entered
in the Update Key îš¿eld with a User ID of one (1).
RTU Key – is a key used for communication to a given RTU. The RTU Key is entered in the
Update Key îš¿eld with a User ID of two (2).
User Key – is a separate key assigned to a given user (master station). On entry, both the User
ID and associated Key must be provided. A User Key has a User ID of three (3) or higher.
26.5.4. DNP3 – Update Key Entry
The keys themselves are binary, but are displayed in ASCII using a Base64 format, the standard
format for key display. As the name implies this is a base 64 representation of the key value.
• A production update key generated from a external source (not the ASE2000) is best entered
using normal copy and paste operations
• A test update key can be generated by selecting the Key target from the DNP3 Key Entry
menu. This allows testing of the Secure Authentication functions without the need to acquire
a key through normal company procedures. The test key must also be provided to the device
being tested. Obviously, a test key should not be used in a production environment.
To Next Page
Loading...
Need help?
General
