Configuring Authentication Algorithm of a Key-id

Procedure

1. Run system-view

   The system view is entered.

2. Run keychain keychain-name keychain-name mode { absolute | periodic { daily | weekly | monthly | yearly } }

   The keychain view is entered.

3. Run key-id key-id

   Key-id is created and key-id view is entered.

4. Run algorithm { hmac-md5 | hmac-sha-256 | hmac-sha1-12 | hmac-sha1-20 | md5 | sha-1 | sha-256 | sm3 | aes-128-cmac }

   The authentication algorithm for the key-id is configured.

   

   The aes-128-cmac algorithm is used only when the key of the keychain is bound to TCP-AO authentication. Keychain authentication cannot use the aes-128-cmac algorithm.

   Key-id will be inactive if the authentication algorithm is not configured.

   To ensure high security, do not use the MD5 or SHA-1 algorithm.

5. (Optional) Run quit

   Return to the Keychain view.

6. (Optional) Run digest-length { hmac-sha-256 | sha-256 | hmac-sha1-20 } length

   The digest length of the encryption algorithm is set.

   

   The HMAC-SHA1-20 algorithm uses a 20-byte digest for encryption and decryption by default. You can run the digest-length hmac-sha1-20 16 command to allow for interconnection with an earlier version. By default, the HMAC-SHA-256 and SHA-256 algorithms use a 32-byte digest for encryption and decryption. You can run the digest-length hmac-sha-256 16 or digest-length sha-256 16 command to allow for interconnection with an earlier version.

7. Run commit

   The configurations are committed.