Cisco WS-C6509 Manuale d'uso - Pagina 22

Sfoglia online o scarica il pdf Manuale d'uso per Hardware di rete Cisco WS-C6509. Cisco WS-C6509 28. Catalyst 6500 series
Anche per Cisco WS-C6509: Manuale di aggiornamento (24 pagine), Scheda tecnica (30 pagine)

Stampa la pagina

1. Catalyst 6509 Switch and Cisco 7606 and Cisco 7609 Routers

Cryptographic Key Management

Table 3

CSP

Number

Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note

Critical Security Parameters (continued)

Key or CSP Name

Description

pre_shared_key

The key used to generate IKE key id during

preshared-key authentication. The no crypto isakmp key

command zeroizes it. This key can have two forms based

on whether the key is related to the hostname or the IP

address.

hmac_data

This key generates keys 3, 4, 5 and 6. This key is zeroized

after generating those keys.

sig_key

The RSA public key used to validate signatures within

IKE. These keys are expired either when the certificate

revocation list (CRL) expires or after 5 seconds if no CRL

exists. This key is deleted after the expiration happens

and before a new public key structure is created. This key

does not need to be zeroized because it is a public key.

secret_1_0_0

The fixed key used in Cisco vendor-ID generation. This

key is embedded in the module binary image and can be

deleted by erasing the flash memory.

transform_key3

The IPsec encryption key. It is zeroized when IPsec

session is terminated.

transform_key4

The IPsec authentication key. It is zeroized when IPsec

session is terminated.

signature

The RSA public key of the CA. The no crypto ca trust

label command invalidates the key and it frees the public

key label that prevents use of the key. This key does not

need to be zeroized because it is a public key.

dnssec_zone_key

This key is a public key of the DNS server. It is zeroized

using the no crypto ca trust label command which

invalidates the DNS server's public key and frees the

public key label, preventing the use of that key. This label

is different from the label in the above key. This key does

not need to be zeroized because it is a public key.

SLL session key

The SSL session key. It is zeroized when the SSL

connection is terminated.

ARAP key

The ARAP key that is hardcoded in the module binary

image. This key can be deleted by erasing the flash

memory.

ARAP password

This is an ARAP user password used as an authentication

key. A function uses this key in a DES algorithm for

authentication.

config key

The key used to encrypt values of the configuration file.

This key is zeroized when the command no key

config-key is issued.

Storage

NVRAM

(plaintext)

DRAM

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

DRAM

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

NVRAM

(plaintext)

DRAM

(plaintext)

Flash

(plaintext)

DRAM

(plaintext)

NVRAM

(plaintext)

OL-6334-01