Cisco 7606 Podręcznik użytkownika - Strona 22

Przeglądaj online lub pobierz pdf Podręcznik użytkownika dla Sprzęt sieciowy Cisco 7606. Cisco 7606 28 stron. User guide
Również dla Cisco 7606: Broszura (8 strony)

Cisco 7606 Podręcznik użytkownika

Cryptographic Key Management

Table 3
CSP
Number
10
11
12
13
14
15
16
17
18
19
20
21
Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note
22
Critical Security Parameters (continued)
Key or CSP Name
Description
pre_shared_key
The key used to generate IKE key id during
preshared-key authentication. The no crypto isakmp key
command zeroizes it. This key can have two forms based
on whether the key is related to the hostname or the IP
address.
hmac_data
This key generates keys 3, 4, 5 and 6. This key is zeroized
after generating those keys.
sig_key
The RSA public key used to validate signatures within
IKE. These keys are expired either when the certificate
revocation list (CRL) expires or after 5 seconds if no CRL
exists. This key is deleted after the expiration happens
and before a new public key structure is created. This key
does not need to be zeroized because it is a public key.
secret_1_0_0
The fixed key used in Cisco vendor-ID generation. This
key is embedded in the module binary image and can be
deleted by erasing the flash memory.
transform_key3
The IPsec encryption key. It is zeroized when IPsec
session is terminated.
transform_key4
The IPsec authentication key. It is zeroized when IPsec
session is terminated.
signature
The RSA public key of the CA. The no crypto ca trust
label command invalidates the key and it frees the public
key label that prevents use of the key. This key does not
need to be zeroized because it is a public key.
dnssec_zone_key
This key is a public key of the DNS server. It is zeroized
using the no crypto ca trust label command which
invalidates the DNS server's public key and frees the
public key label, preventing the use of that key. This label
is different from the label in the above key. This key does
not need to be zeroized because it is a public key.
SLL session key
The SSL session key. It is zeroized when the SSL
connection is terminated.
ARAP key
The ARAP key that is hardcoded in the module binary
image. This key can be deleted by erasing the flash
memory.
ARAP password
This is an ARAP user password used as an authentication
key. A function uses this key in a DES algorithm for
authentication.
config key
The key used to encrypt values of the configuration file.
This key is zeroized when the command no key
config-key is issued.
Storage
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
Flash
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
OL-6334-01