
display keychain

Function

The display keychain command displays the configuration of a specified keychain.

Format

display keychain keychain-name [ key-id key-id ]

Parameters

Parameter | Description | Value
keychain-name | Displays the configuration of a keychain with a specified name. | The keychain must already exist.
key-id key-id | Displays the configuration of a specified key in the keychain. | The key must already exist.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To troubleshoot a keychain authentication failure or collect required information before configuration, run the display keychain command to view configurations of a specified keychain.

Example

# Display the configuration of keychain huawei when no key ID is configured for the keychain.

<HUAWEI> display keychain huawei
 Keychain Information:
 ---------------------
 Keychain Name             : huawei
   Timer Mode              : Absolute
   Time Type               : Lmt
   Receive Tolerance(min)  : 0
   TCP Kind                : 254
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 3
     SHA1                  : 4
 Number of Key IDs         : 0
 Active Send Key ID        : None
 Active Receive Key IDs    : None
 Default send Key ID       : Not configured

# Display the configuration of keychain huawei when a key ID is configured for the keychain.

<HUAWEI> display keychain huawei
 Keychain Information:
 ---------------------
 Keychain Name             : huawei
   Timer Mode              : Absolute
   Time Type               : Lmt
   Receive Tolerance(min)  : 100
   TCP Kind                : 182
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 3
     SHA1                  : 4
 Number of Key IDs         : 1
 Active Send Key ID        : 1
 Active Receive Key IDs    : 01
 Default send Key ID       : 1

 Key ID Information:
 -------------------
 Key ID                    : 1
   Key string              : ******
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   RECEIVE TIMER           :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active

 Key ID                    : 2
   Key string              : -
   Algorithm               : -
   SEND TIMER              :
     Status                : Inactive
   RECEIVE TIMER           :
     Status                : Inactive

# Display the configuration of key-id 1 in the keychain huawei.

<HUAWEI> display keychain huawei key-id 1
 Keychain Information:
 ---------------------
 Keychain Name             : huawei
   Timer Mode              : Absolute
   Time Type               : Lmt
   Receive Tolerance(min)  : 100
   TCP Kind                : 182
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 3
     SHA1                  : 4

 Key ID Information:
 -------------------
 Key ID                    : 1
   Key string              : ******
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   RECEIVE TIMER           :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   DEFAULT SEND KEY ID INFORMATION
     Default               : Configured
     Status                : Inactive
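
An offline check over saved display keychain output, as an added example that is not part of the original page or of any Huawei tool: it parses the Key ID sections shown above and reports keys with no algorithm, keys whose algorithm is outside an approved set, and send/receive timers that end within a review window. The approved set, the 30-day window and the function names are assumptions; the sample text is constructed from the second example output.

```python
import re
from datetime import datetime, timedelta
# Constructed sample, abbreviated from the page's second example output.
SAMPLE = """\
 Active Send Key ID        : 1
 Key ID                    : 1
   Algorithm               : MD5
   SEND TIMER              :
     End time              : 2012-08-08 23:59
   RECEIVE TIMER           :
     End time              : 2012-08-08 23:59
 Key ID                    : 2
   Algorithm               : -
"""
APPROVED = {"HMAC-SHA-256"}  # assumed local policy, not a device default
FIELD = re.compile(r"\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse(text):
    """Return (keychain fields, {key id: fields plus SEND/RECEIVE timer dicts})."""
    chain, keys, cur, timer = {}, {}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            timer = {} if line.strip() else timer  # unknown header: scratch dict
            continue
        name, value = m.groups()
        if name == "Key ID":
            cur, timer = keys.setdefault(value, {"SEND": {}, "RECEIVE": {}}), None
        elif cur is None:
            chain[name] = value
        elif name in ("SEND TIMER", "RECEIVE TIMER"):
            timer = cur[name.split()[0]]
        else:
            (cur if timer is None else timer)[name] = value
    return chain, keys

def audit(text, now, horizon=timedelta(days=30)):
    """List findings: missing send key, unapproved algorithm, timers ending soon."""
    chain, keys = parse(text)
    out = ["keychain: no active send key"] if chain.get("Active Send Key ID") == "None" else []
    for kid, key in keys.items():
        alg = key.get("Algorithm", "-")
        if alg not in APPROVED:
            out.append(f"key {kid}: " + ("no algorithm configured" if alg == "-" else f"algorithm {alg} not approved"))
        for side in ("SEND", "RECEIVE"):
            end = key[side].get("End time")  # Absolute-mode format, as on the page
            if end and datetime.strptime(end, "%Y-%m-%d %H:%M") - now <= horizon:
                out.append(f"key {kid}: {side} timer ends {end}")
    return out
```

Pass the device's current time as `now`; the page's output uses local time (Time Type Lmt), so compare against the same clock.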

Table 1 Description of the display keychain command output

Item

Description

Keychain Name

Name of a keychain.

To set the keychain name, run the keychain command.

Timer Mode

Time mode of a keychain.

  • Absolute: The keychain takes effect in an absolute time range.
  • Daily periodic: The keychain is valid on a daily basis.
  • Weekly periodic: The keychain is valid on a weekly basis.
  • Monthly periodic: The keychain is valid on a monthly basis.
  • Yearly periodic: The keychain is valid on a yearly basis.

To set the time mode, run the keychain command.

Time Type

Specifies the timing type of the keychain.

Receive Tolerance(min)

Receive tolerance time configured for a keychain.

To set the receive tolerance time, run the receive-tolerance command.

TCP Kind

TCP kind value configured for a keychain.

To set the TCP kind value, run the tcp-kind command.

TCP Algorithm IDs

TCP algorithm ID configured for a keychain.

The characteristics of each authentication algorithm are as follows:
  • MD5 (Message Digest 5): The 128-bit MD5 message digest is calculated based on the entered message of any length.
  • SHA-1 (Secure Hash Algorithm): The 160-bit SHA-1 message digest is calculated based on an entered message whose length is shorter than the 64th power of 2.
  • HMAC-MD5 (Keyed-Hashing for Message Authentication-MD5): The 128-bit HMAC-MD5 message digest is calculated based on the 512-bit message that is converted from the entered message of any length.

    NOTE:

    If the length of an entered message is less than 512 bits, 0s are added to make up a 512-bit message. If the length of an entered message is greater than 512 bits, the message is converted into a 128-bit message based on the MD5 algorithm. Then, 0s are added to make up a 512-bit message.

  • HMAC-SHA1-12: The 160-bit HMAC-SHA1-12 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. The leftmost 96 bits (12 x 8) are used as the authentication code.

  • HMAC-SHA1-20: The 160-bit HMAC-SHA1-20 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 160 bits are used as the authentication code.

  • SHA-256: The 256-bit SHA-2 message digest is calculated based on an entered message whose length is shorter than the 64th power of 2.

  • HMAC-SHA-256: The 256-bit HMAC-SHA-256 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 256 bits are used as the authentication code.

  • SM3: The 256-bit SM3 message digest is calculated based on the entered message of any length. All the 256 bits are used as the authentication code.

To set the TCP algorithm ID, run the tcp-algorithm-id command.

Number of Key IDs

Number of key IDs.

Active Send Key ID

ID of the active send key.

Active Receive Key IDs

ID of the active receive key.

Default send Key ID

ID of the default send key.

Key ID

Key configured in a keychain.

To set the key ID, run the key-id command.

Key string

Key string configured for the key.

To set the key string, run the key-string command.

Algorithm

Algorithm configured for the key.

To set the algorithm for a key, run the algorithm command.

The characteristics of each authentication algorithm are as follows:
  • MD5 (Message Digest 5): The 128-bit MD5 message digest is calculated based on the entered message of any length.
  • SHA-1 (Secure Hash Algorithm): The 160-bit SHA-1 message digest is calculated based on an entered message whose length is shorter than the 64th power of 2.
  • HMAC-MD5 (Keyed-Hashing for Message Authentication-MD5): The 128-bit HMAC-MD5 message digest is calculated based on the 512-bit message that is converted from the entered message of any length.

    NOTE:

    If the length of an entered message is less than 512 bits, 0s are added to make up a 512-bit message. If the length of an entered message is greater than 512 bits, the message is converted into a 128-bit message based on the MD5 algorithm. Then, 0s are added to make up a 512-bit message.

  • HMAC-SHA1-12: The 160-bit HMAC-SHA1-12 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. The leftmost 96 bits (12 x 8) are used as the authentication code.

  • HMAC-SHA1-20: The 160-bit HMAC-SHA1-20 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 160 bits are used as the authentication code.

  • SHA-256: The 256-bit SHA-2 message digest is calculated based on an entered message whose length is shorter than the 64th power of 2.

  • HMAC-SHA-256: The 256-bit HMAC-SHA-256 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 256 bits are used as the authentication code.

  • SM3: The 256-bit SM3 message digest is calculated based on the entered message of any length. All the 256 bits are used as the authentication code.

SEND TIMER

Send time of a key.

To set the send time of a key, run the send-time command.

Start time

Time when a key becomes valid.

End time

Time when a key becomes invalid.

Status

Status of send/receive keys:

  • Active
  • Inactive

RECEIVE TIMER

Receive time of a key.

To set the receive time of a key, run the receive-time command.

DEFAULT SEND KEY ID INFORMATION

Information about the default send key.

Default

Configuration of the default send key:

  • Not configured
  • Configured

Status

Status of the default send key:

  • Active
  • Inactive
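
The HMAC entries in Table 1, worked through as an added example (not code from the original page or from the device software): the 512-bit zero-padding and hash-if-longer rule in the NOTE is the block normalisation that RFC 2104 applies to the secret key, and HMAC-SHA1-12 keeps the leftmost 96 bits of the HMAC-SHA1 output. Function names, keys and payload are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 64  # 512-bit block shared by MD5, SHA-1 and SHA-256

def normalize_key(key, hash_name):
    """Hash a key longer than one block, then zero-pad it to 512 bits."""
    if len(key) > BLOCK:
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(BLOCK, b"\x00")

def hmac_manual(key, message, hash_name):
    """RFC 2104: H((K xor opad) || H((K xor ipad) || message))."""
    k = normalize_key(key, hash_name)
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in k) + message).digest()
    return hashlib.new(hash_name, bytes(b ^ 0x5C for b in k) + inner).digest()

# Algorithm names from the page mapped to (hash, authentication-code length in bytes).
VARIANTS = {
    "HMAC-MD5": ("md5", 16),
    "HMAC-SHA1-12": ("sha1", 12),
    "HMAC-SHA1-20": ("sha1", 20),
    "HMAC-SHA-256": ("sha256", 32),
}

def auth_code(algorithm, key, message):
    """Authentication code: the leftmost N bytes of the HMAC output."""
    hash_name, length = VARIANTS[algorithm]
    return hmac_manual(key, message, hash_name)[:length]

def verify(algorithm, key, message, received):
    """Recompute the code and compare in constant time, as a receiver should."""
    return hmac.compare_digest(auth_code(algorithm, key, message), received)

# Constructed inputs: a short key, a key longer than 512 bits, a sample payload.
SHORT_KEY, LONG_KEY, PAYLOAD = b"k" * 10, b"k" * 100, b"constructed routing update"
```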
Copyright © Huawei Technologies Co., Ltd.