The set root-key command configures a root key for a switch.
The undo set root-key command restores the default root key of a switch.
By default, a switch uses the system default root key.
Usage Scenario
A root key is located at the bottom of the key management infrastructure to protect confidentiality of upper-layer keys (such as key encryption key). Therefore, a root key is important to data security. A switch's root key is often stored in the system. If attackers illegally obtain the root key, encrypted data will become insecure. To improve data security and prevent attackers from obtaining encrypted packets, configure another root key on the switch. The configured root key will take effect after the switch restarts.
Precautions
The root key can only be configured when the switch has no service configuration. If service configuration has been performed on the switch, an error message will be displayed when you configure the root key.
If you configure a password (not the administrator password) and key after configuring the root key, the password and key configuration will not be restored after the switch software version is changed to V200R009 or an earlier version.
After the root key is configured, the configuration file of the switch cannot be exported and used on other devices.
# Set the root key to huawei.
<HUAWEI> set root-key
Warning: A new root key can take effect only after the device is restarted. Continue? [Y/N]:y
Please enter a new key of no more than 32 characters:huawei
Please enter the new key again:huawei
Info: Succeed in setting next root-key on the master board.