
keychain

Function

The keychain command creates a new set of keychain rules or displays the keychain view.

The undo keychain command deletes the keychain configuration.

By default, no keychain is configured.

Format

keychain keychain-name [ mode { absolute | periodic { daily | weekly | monthly | yearly } } ]

undo keychain keychain-name

Parameters

| Parameter | Description | Value |
|---|---|---|
| keychain-name | Specifies the keychain name. All applications identify the set of keychain rules by the keychain name. | The value is a string of 1 to 47 case-insensitive characters, excluding the question mark (?) and spaces. However, when double quotation marks (") are used around the string, spaces are allowed in the string. |
| mode | Indicates the time mode of a keychain. NOTE: The time mode of a keychain must be specified when a keychain is created. You do not need to specify the time mode for a keychain that has already been created. | - |
| absolute | Indicates that the given keychain is non-periodic. | - |
| periodic | Indicates that the given keychain is periodic. | - |
| daily | Indicates that the given keychain is day-periodic. | - |
| weekly | Indicates that the given keychain is week-periodic. | - |
| monthly | Indicates that the given keychain is month-periodic. | - |
| yearly | Indicates that the given keychain is year-periodic. | - |

Views

System view

Default Level

2: Configuration Level

Usage Guidelines

Usage Scenario

In keychain authentication mode, protocol packets are transmitted securely because the authentication algorithm and key string are changed dynamically. This can prevent unauthorized users from obtaining the key string and the authentication and encryption algorithms, and it reduces the workload of manually changing the algorithm and key string.

Each keychain consists of multiple keys that are valid within different time periods and each key is configured with an authentication algorithm. When a key becomes valid, the corresponding authentication algorithm is used.

There are two keychain time modes:
  • Absolute time range: In this mode, keychains are valid within a certain period.

  • Periodic time range: In this mode, keychains are valid periodically.

Follow-up Procedure

Run the key-id command to configure a key. If the key is not configured, the keychain cannot authenticate and encrypt protocol packets.

The time mode of a key must be the same as the time mode of the keychain.

Precautions

A keychain supports a maximum of 64 keys.

The keychain keychain-name command displays a specific keychain view. If the keychain specified by keychain-name does not exist, the keychain keychain-name command cannot be executed. To create a keychain, run the keychain keychain-name mode { absolute | periodic { daily | weekly | monthly | yearly } } command.

Example

# Configure the keychain huawei and enter keychain view.

<HUAWEI> system-view
[HUAWEI] keychain huawei mode absolute 
[HUAWEI-keychain-huawei] 
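
A configuration audit built on the constraints stated on this page (name rules, time mode required at creation, at least one key-id, at most 64 keys), as an added example that is not Huawei's code. It assumes a saved configuration in which key-id lines are indented under their keychain line; the sample configuration, the function name and the finding strings are constructed for illustration.

```python
import re

MAX_KEYS = 64       # "A keychain supports a maximum of 64 keys."
MAX_NAME_LEN = 47   # keychain-name is a string of 1 to 47 characters
# keychain keychain-name [ mode { absolute | periodic { daily | ... } } ]
KEYCHAIN_RE = re.compile(
    r'^keychain\s+(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))'
    r'(?:\s+mode\s+(?P<mode>absolute|periodic\s+(?:daily|weekly|monthly|yearly)))?\s*$'
)
KEY_ID_RE = re.compile(r"^\s+key-id\s+(\d+)\b")

# Constructed sample input (assumed layout, not taken from a real device).
SAMPLE_CONFIG = """\
#
keychain huawei mode absolute
 key-id 1
 key-id 2
#
keychain "core ospf" mode periodic daily
#
keychain bad?name mode absolute
 key-id 1
#
keychain edge
#
"""

def audit_keychains(config_text):
    """Return {keychain-name: [findings]}; an empty list means no finding."""
    results, key_ids, current = {}, {}, None
    for line in config_text.splitlines():
        m, k = KEYCHAIN_RE.match(line), KEY_ID_RE.match(line)
        if m:
            name = m.group("quoted") or m.group("bare") or ""
            current = name.lower()              # names are case-insensitive
            if current not in key_ids:          # first sighting = creation
                key_ids[current] = set()
                found = results.setdefault(current, [])
                if not 1 <= len(name) <= MAX_NAME_LEN or "?" in name:
                    found.append("invalid name")
                if m.group("mode") is None:
                    found.append("created without time mode")
        elif k and current is not None:
            key_ids[current].add(int(k.group(1)))
        elif not line.startswith(" "):          # left the keychain view
            current = None
            if line.startswith("keychain "):    # e.g. unquoted name with a space
                results.setdefault(line.strip(), []).append("unparseable keychain line")
    for name, ids in key_ids.items():           # a keychain without keys cannot authenticate
        if not ids:
            results[name].append("no key-id configured")
        elif len(ids) > MAX_KEYS:
            results[name].append("more than 64 keys")
    return results
```
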
Copyright © Huawei Technologies Co., Ltd.