Security
152
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
entry
Syntax entry entry-id [key authentication-key | hash-key | hash2-key [hash | hash2] algorithm
algorithm]
no entry entry-id
Context config>system>security>keychain>direction>bi
config>system>security>keychain>direction>uni>receive
config>system>security>keychain>direction>uni>send
Description This command defines a key in the keychain. A keychain must have at least one key entry to
be valid.
The key and algorithm keywords are mandatory when the entry is first created.
The no form of the command removes the entry from the keychain. If the key is the active key
for sending, this command will cause a new active key to be selected (if one is available). If
the key is the only possible send key, the command will be rejected and an error indicating
that the configured key is the only available send key will be displayed. If the key is one of the
eligible keys for receiving, it will be removed. If the key is the only eligible key for receiving,
the command will be rejected and an error indicating that this is the only eligible key will be
displayed.
Default n/a
Parameters entry-id — the ID of the key entry
Values 0 to 63 | null-key (the null-key parameter does not apply and should
be ignored)
key — the authentication key ID that is used along with keychain-name and direction to
uniquely identify this particular key entry
authentication-key — the authentication key that will be used by the encryption algorithm,
up to 20 characters in any combination of letters and numbers. The key is used to
sign and authenticate a protocol packet.
Values the key must be 160 bits for algorithm hmac-sha-1-96 and must be
128 bits for algorithm aes-128-cmac-96. If the key is configured with
fewer than this number of bits, it is padded internally with zero bits
up to the correct length.
hash-key | hash2-key — the hash key. The key can be any combination of ASCII
characters up to 33 for the hash-key and up to 96 for the hash2-key (encrypted). If
spaces are used in the string, the entire string must be enclosed in double quotes.
This parameter is useful when a user must configure the parameter, but for security
purposes, the actual unencrypted key value is not provided.
hash — specifies that the key is entered in an encrypted form. If the hash or hash2
parameter is not used, the key is assumed to be in an unencrypted, clear text form.
For security, all keys are stored in encrypted form in the configuration file with the
hash or hash2 parameter specified
To Next Page
Loading...
