sa encryption-hex

Function

The sa encryption-hex command configures an encryption key for manual Security Association (SA) in hexadecimal format.

The undo sa encryption-hex command deletes an encryption key for manual SA configured in hexadecimal format.

By default, no encryption key is created.

Format

sa encryption-hex { inbound | outbound } esp [ cipher ] { hex-plain-key | hex-cipher-key }

undo sa encryption-hex { inbound | outbound } esp

Parameters

Parameter Description Value
inbound Specifies SA parameters for incoming packets. -
outbound Specifies SA parameters for outgoing packets. -
esp Specifies SA parameters for Encapsulating Security Payload (ESP). If the security proposal applied to an SA uses ESP, esp must be configured in the sa encryption-hex command. -
cipher Indicates the ciphertext used for encryption. -
hex-plain-key

Sets the authentication password to be in plaintext format.

The value is in hexadecimal notation.
  • If encryption algorithm Data Encryption Standard (DES) is used, the length of the key is 8 bytes.
  • If encryption algorithm Triple Data Encryption Standard (3DES) is used, the length of the key is 24 bytes.
  • If encryption algorithm Advanced Encryption Standard 128 (AES-128) is used, the length of the key is 16 bytes.
  • If encryption algorithm AES-192 is used, the length of the key is 24 bytes.
  • If encryption algorithm AES-256 is used, the length of the key is 32 bytes.
hex-cipher-key

Sets the authentication password to be in ciphertext format.

The value is a string of case-insensitive characters, spaces not supported.
  • If encryption algorithm DES is used, the length of the key is 48.
  • If encryption algorithm 3DES is used, the length of the key is 88.
  • If encryption algorithm AES-128 is used, the length of the key is 68.
  • If encryption algorithm AES-192 is used, the length of the key is 88.
  • If encryption algorithm AES-256 is used, the length of the key is 108.

Views

SA view

Default Level

2: Configuration level

Usage Guidelines

The ESP security protocol supports encryption of IP packets. The algorithm used for encryption and decryption is DES, 3DES, or AES. These algorithms need a key in hexadecimal format to operate. The hexadecimal key to be used for encryption is configured using the sa encryption-hex command.
  • The DES and 3DES algorithms have security risks; therefore, you are advised to use the AES algorithm preferentially.
  • If the sa encryption-hex command is configured, the encryption key configured using the sa string-key command is deleted automatically.

Example

# In an IPSec SA, set the encryption key of the inbound SA to 0x1234567890abcdef, and the encryption key of the outbound SA to 0xabcdefabcdef1234. The encryption key is displayed in cipher text.

<HUAWEI> system-view
[HUAWEI] ipsec sa sa1
[HUAWEI-ipsec-sa-sa1] sa encryption-hex inbound esp cipher 1234567890abcdef
[HUAWEI-ipsec-sa-sa1] sa encryption-hex outbound esp cipher abcdefabcdef1234
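
A pre-deployment check built on the key-length table and usage guidelines above, as an added example that is not Huawei's code. The helper names lint and new_key are hypothetical, and the SA's encryption algorithm is passed in by the caller because the command line itself does not name it.

```python
import re
import secrets

# From the parameter table: (hex-plain-key length in bytes,
# hex-cipher-key length in characters) per encryption algorithm.
KEY_SIZES = {
    "des": (8, 48),
    "3des": (24, 88),
    "aes-128": (16, 68),
    "aes-192": (24, 88),
    "aes-256": (32, 108),
}
WEAK = {"des", "3des"}  # named as security risks in the usage guidelines

# Matches the key-setting form only; "undo sa encryption-hex ..." carries no key.
CMD = re.compile(r"sa encryption-hex (inbound|outbound) esp(?: cipher)? (\S+)\s*$")
HEX = re.compile(r"[0-9a-fA-F]+")


def lint(line, algorithm):
    """Return findings for one 'sa encryption-hex' line; [] means clean."""
    alg = algorithm.lower()
    plain_bytes, cipher_chars = KEY_SIZES[alg]
    match = CMD.search(line)  # search() tolerates a leading CLI prompt
    if match is None:
        return ["not an 'sa encryption-hex' key command"]
    direction, key = match.groups()
    findings = []
    # A plaintext key is pure hex, two characters per byte.
    is_plain = bool(HEX.fullmatch(key)) and len(key) == 2 * plain_bytes
    # A ciphertext key is an opaque string of a fixed length.
    is_cipher = len(key) == cipher_chars
    if not (is_plain or is_cipher):
        findings.append(
            f"{direction}: key length {len(key)} does not fit {alg} "
            f"(expected {2 * plain_bytes} hex digits or a {cipher_chars}-character ciphertext)"
        )
    if alg in WEAK:
        findings.append(f"{direction}: {alg} has security risks; use AES preferentially")
    return findings


def new_key(algorithm):
    """Generate a random hex-plain-key of the right size from the OS CSPRNG."""
    return secrets.token_hex(KEY_SIZES[algorithm.lower()][0])
```

Run against the commands above, lint accepts the 16-digit keys only for DES and reports the DES risk; the same keys fail the length check if the SA's security proposal uses AES-128.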
Copyright © Huawei Technologies Co., Ltd.