Setting a Master Key
A master key is used by a device to encrypt data, safeguarding data transmission. A fixed default master key is provided before device delivery. In actual network environments, the default master key may be stolen or cracked. Administrators can manually change master keys as required to improve data security.
Security Policy Introduction
- You can change the default master key to a user-defined master key, improving data security.
- You can clear a user-defined master key to restore the default master key.
If an administrator forgets a user-defined master key configured on a local device, other devices cannot have the same master key configured to communicate with the local device through an encrypted data channel. In this case, attempts to share configuration files between the devices and decrypt data on the devices fail.
- You can query the master key configuration to check whether the default master key or a user-defined master key is used.
Attack Methods
An attacker cracks the fixed default master key by analyzing a large number of encrypted data, causing device information leakage.
Configuration and Maintenance Methods
- Set a user-defined master key.
<HUAWEI> set master-key Warning: This operation will automatically save configurations. Are you sure you want to perform it? [Y/N]:y Enter a new master key: Confirm the new master key: Warning: Keep the new master key well. Enter the user password: Info: Operating, please wait for a moment..... Info: Operation succeeded.
- Restore the default master key.
<HUAWEI> clear master-key Warning: This operation will automatically save configurations. Are you sure you want to perform it? [Y/N]:y Warning: This operation will change the current master key to the default master key. Enter the user password: Info: Operating, please wait for a moment.... Info: Operation succeeded.
- Query the master key configuration.
<HUAWEI> display master-key configuration Current master key: default
Configuration and Maintenance Suggestions
- To ensure data security, you are advised to set a user-defined master key when using a device for the first time, preventing sensitive information leakage.
- To ensure key security, you are advised to periodically update the user-defined master key, preventing the master key from being stolen or cracked.