key-string

Function

The key-string command specifies a key used for keychain authentication.

The undo key-string command deletes a key used for keychain authentication.

By default, no key is configured for keychain authentication.

Format

key-string { plain plain-text | [ cipher ] cipher-text }

undo key-string

Parameters

Parameter	Description	Value
plain plain-text	Indicates the plain text used for authentication. The configured text will be stored as unencrypted text and displayed as unencrypted text. NOTE: If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.	The value is case-sensitive and ranges from 1 to 255 characters. Spaces are not supported. If a password contains a space, the password must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name.
cipher	Specifies the cipher key string used for encryption and decryption.	-
cipher-text	Indicates the cipher text used for authentication.	The value is a string of case-sensitive characters that can be letters or digits. The authentication password can be a string of 1 to 255 characters in plaintext or a string of 20 to 392 characters in ciphertext. If a password contains a space, the password must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name.

Parameter

Description

Value

plain plain-text

Indicates the plain text used for authentication. The configured text will be stored as unencrypted text and displayed as unencrypted text.

NOTE:

If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

The value is case-sensitive and ranges from 1 to 255 characters. Spaces are not supported.

If a password contains a space, the password must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name.

cipher

Specifies the cipher key string used for encryption and decryption.

cipher-text

Indicates the cipher text used for authentication.

The value is a string of case-sensitive characters that can be letters or digits. The authentication password can be a string of 1 to 255 characters in plaintext or a string of 20 to 392 characters in ciphertext.

If a password contains a space, the password must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name.

Views

Key-ID view

Default Level

2: Configuration Level

Usage Guidelines

Usage Scenario

In keychain authentication mode, secure protocol packet transmission is provided by dynamically changing the authentication algorithm and key string. This can prevent unauthorized users from obtaining the key string, and authentication and encryption algorithms, and reduce the workload of manually changing the algorithm and key string.

Each keychain consists of multiple keys that are valid within different time periods and each key is configured with an authentication algorithm. When a key becomes valid, the corresponding authentication algorithm is used.

Precautions

An authentication key configured in cipher text mode will be also displayed in cipher text mode. Therefore, remember the plaintext key string when configuring the key in cipher text mode.

If the authentication key is not configured, the corresponding key remains in inactive state.

Example

# Configure the key string Huawei@1234.

<HUAWEI> system-view
[HUAWEI] keychain huawei mode absolute 
[HUAWEI-keychain-huawei] key-id 1
[HUAWEI-keychain-huawei-keyid-1] key-string cipher Huawei@1234