
USM Key Management

Converting Password to Unlocalized Key

Syntax:

% snmpcmd usm passToKey ?option value ...? password

where snmpcmd is the name of an SNMP session, password is the password to be converted, and a series of option/value pairs may be present to override session configuration parameters.

Returns:

The unlocalized key generated from the password using the configured or specified authentication protocol.

Options

Option Description
-authproto Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.

Example

% snmplib usm passToKey -authproto HMAC-MD5-96 maplesyrup
0x9f:af:32:83:88:4e:92:83:4e:bc:98:47:d8:ed:d9:63

Converting Password to Localized Key

Syntax:

% snmpcmd usm passToLocKey ?option value ...? password

where snmpcmd is the name of an SNMP session, password is the password to be converted, and a series of option/value pairs may be present to override session configuration parameters.

Returns:

The localized key generated from the password using the configured or specified authentication protocol and Engine ID. Note that the key returned is the full-length key appropriate to the authentication protocol, which may be longer than required for the privacy protocol (e.g. 20 octets versus 16 in the case of HMAC-SHA-96 and CBC-DES).

Options

Option Description
-authproto Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.
-engineid Specifies the Engine ID to use for localizing the generated key. If unspecified, the known Engine ID for the configured remote engine for the session is used.

Example

% snmplib usm passToLocKey -authproto HMAC-MD5-96 \
     -engineid 0x00:00:00:00:00:00:00:00:00:00:00:02 maplesyrup
0x52:6f:5e:ed:9f:cc:e2:6f:89:64:c2:93:07:87:d8:2b

Localizing Keys

Syntax:

% snmpcmd usm localizeKey ?option value ...? key

where snmpcmd is the name of an SNMP session, key is the key to be localized, and a series of option/value pairs may be present to override session configuration parameters.

Returns:

The localized key generated from the unlocalized key using the configured or specified authentication protocol and Engine ID. Note that the key returned is the full-length key appropriate to the authentication protocol, which may be longer than required for the privacy protocol (e.g. 20 octets versus 16 in the case of HMAC-SHA-96 and CBC-DES).

Options

Option Description
-authproto Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.
-engineid Specifies the Engine ID to use for localizing the generated key. If unspecified, the known Engine ID for the configured remote engine for the session is used.

Example

% snmplib usm localizeKey -authproto HMAC-MD5-96 \
    -engineid 0x00:00:00:00:00:00:00:00:00:00:00:02 \
    0x9f:af:32:83:88:4e:92:83:4e:bc:98:47:d8:ed:d9:63
0x52:6f:5e:ed:9f:cc:e2:6f:89:64:c2:93:07:87:d8:2b
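
The three conversions above, written out as an added example (not the SDK's own code): it uses the standard USM password-to-key and localization algorithm from RFC 3414 Appendix A.2 and reproduces the outputs shown in the examples. The function names mirror the SDK commands but are hypothetical Python helpers.

```python
import hashlib

# Hash function underlying each authentication protocol named on this page.
HASHES = {"HMAC-MD5-96": hashlib.md5, "HMAC-SHA-96": hashlib.sha1}
EXPANDED_LEN = 1048576  # RFC 3414 A.2: the password is repeated to exactly 1 MiB


def pass_to_key(password: bytes, authproto: str = "HMAC-MD5-96") -> bytes:
    """Unlocalized key Ku: digest of the password repeated to 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    return HASHES[authproto](password * reps + password[:rem]).digest()


def localize_key(key: bytes, engine_id: bytes, authproto: str = "HMAC-MD5-96") -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), usable with one engine only."""
    if len(key) != HASHES[authproto]().digest_size:
        raise ValueError("key length does not match the authentication protocol")
    return HASHES[authproto](key + engine_id + key).digest()


def pass_to_loc_key(password: bytes, engine_id: bytes,
                    authproto: str = "HMAC-MD5-96") -> bytes:
    """Password straight to localized key (passToKey followed by localizeKey)."""
    return localize_key(pass_to_key(password, authproto), engine_id, authproto)


def parse_hex(text: str) -> bytes:
    """Parse the 0xNN:NN:... notation used in the examples on this page."""
    body = text[2:] if text.startswith("0x") else text
    return bytes.fromhex(body.replace(":", ""))


def format_hex(data: bytes) -> str:
    return "0x" + ":".join(f"{b:02x}" for b in data)


if __name__ == "__main__":
    # Password and Engine ID taken from the examples above.
    engine = parse_hex("0x00:00:00:00:00:00:00:00:00:00:00:02")
    ku = pass_to_key(b"maplesyrup")
    print(format_hex(ku))                         # unlocalized key
    print(format_hex(localize_key(ku, engine)))   # localized key
```

Because the Engine ID is mixed into the localized key, a localized key recovered from one agent cannot be used against another engine; the unlocalized key and the password can, so only the localized form belongs on a managed device.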

Generating Authentication KeyChange Values

Syntax:

% snmpcmd usm authKeyChange ?option value ...? old new

where snmpcmd is the name of an SNMP session, old and new are the old and new keys, and a series of option/value pairs may be present to override session configuration parameters.

Returns:

The KeyChange value generated from the old and new keys using the configured or specified authentication protocol.

Options

Option Description
-authproto Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the KeyChange value. If unspecified, the configured authentication protocol for the session is used.
-salt By default, the delta component of the KeyChange value is randomly generated by the SDK. This option may be used to specify the delta component for purpose of testing or using an alternate source of random data.

Example

% snmplib usm authKeyChange -authproto HMAC-MD5-96 \
    0x52:6f:5e:ed:9f:cc:e2:6f:89:64:c2:93:07:87:d8:2b \
    0x87:02:1d:7b:d9:d1:01:ba:05:ea:6e:3b:f9:d9:bd:4a
0x00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:88:05:61:51:41:67:6c:c9:19:61:74:e7:42:a3:25:51

Generating Privacy KeyChange Values

Syntax:

% snmpcmd usm privKeyChange ?option value ...? old new

where snmpcmd is the name of an SNMP session, old and new are the old and new keys, and a series of option/value pairs may be present to override session configuration parameters.

Returns:

The KeyChange value generated from the old and new keys using the configured or specified authentication and privacy protocols.

Options

Option Description
-authproto Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the KeyChange value. If unspecified, the configured authentication protocol for the session is used.
-privproto Specifies the privacy protocol to use in generating the KeyChange value. If unspecified, the configured authentication protocol for the session is used. At present, only CBC-DES is supported.
-salt By default, the delta component of the KeyChange value is randomly generated by the SDK. This option may be used to specify the delta component for purpose of testing or using an alternate source of random data.

Example

% snmplib usm privKeyChange -authproto HMAC-SHA-96 \
    0x66:95:fe:bc:92:88:e3:62:82:23:5f:c7:15:1f:12:84:97:b3:8f:3f \
    0x78:e2:dc:ce:79:d5:94:03:b5:8c:1b:ba:a5:bf:f4:63:91:f1:cd:25
0x00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:7e:f8:d8:a4:c9:cd:b2:6b:47:59:1c:d8:52:ff:88:b5
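
How a KeyChange value is built and how the receiving engine recovers the new key from it, as an added example (not the SDK's own code) following the KeyChange textual convention in RFC 3414. The helper names and the `key_len` parameter are hypothetical; `salt` plays the role of the `-salt` option, and the keys are the ones from the authKeyChange example above.

```python
import hashlib
import secrets

HASHES = {"HMAC-MD5-96": hashlib.md5, "HMAC-SHA-96": hashlib.sha1}


def _mask(old: bytes, salt: bytes, authproto: str, key_len: int) -> bytes:
    # temp = H(oldKey || random), cut to the length of the key being changed
    return HASHES[authproto](old[:key_len] + salt).digest()[:key_len]


def key_change(old, new, authproto="HMAC-MD5-96", key_len=None, salt=None):
    """Return random || (H(old || random) XOR new)."""
    digest_len = HASHES[authproto]().digest_size
    key_len = digest_len if key_len is None else key_len
    if key_len > digest_len or min(len(old), len(new)) < key_len:
        raise ValueError("keys are shorter than key_len or key_len exceeds the digest")
    if salt is None:
        salt = secrets.token_bytes(key_len)  # fresh CSPRNG output for every change
    if len(salt) != key_len:
        raise ValueError("salt must be key_len octets")
    temp = _mask(old, salt, authproto, key_len)
    return salt + bytes(t ^ n for t, n in zip(temp, new[:key_len]))


def apply_key_change(old, value, authproto="HMAC-MD5-96", key_len=None):
    """Receiver side: recover the new key from the old key and a KeyChange value."""
    key_len = HASHES[authproto]().digest_size if key_len is None else key_len
    if len(value) != 2 * key_len:
        raise ValueError("KeyChange value must be twice the key length")
    salt, delta = value[:key_len], value[key_len:]
    temp = _mask(old, salt, authproto, key_len)
    return bytes(t ^ d for t, d in zip(temp, delta))


# Keys from the authKeyChange example above; the all-zero salt is for testing only.
OLD = bytes.fromhex("526f5eed9fcce26f8964c2930787d82b")
NEW = bytes.fromhex("87021d7bd9d101ba05ea6e3bf9d9bd4a")

if __name__ == "__main__":
    value = key_change(OLD, NEW, salt=bytes(16))
    print(value.hex(":"))
    assert apply_key_change(OLD, value) == NEW
```

With `key_len=16` and `HMAC-SHA-96` the same functions cover the CBC-DES case, where only the first 16 octets of each 20-octet key are used. A fixed salt makes the mask constant for a given old key, so outside of testing the salt should stay randomly generated.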