Configuring a Root Key

Enterprise

Worldwide

Huawei Global - English

- South Africa - English
- Morocco - English
- Brazil - Português
- Mexico - Español
- United Arab Emirates - English
- Saudi Arabia - English
- Australia - English
- China - 简体中文
- Hong Kong, China - English
- India - English
- Japan - 日本語
- South Korea- English
- Kazakhstan - русский
- Malaysia - English
- Singapore - English
- Indonesia - English
- Thailand - English
- Philippines - English
- Austria - Deutsch
- Czech - English
- France - Français
- Germany - Deutsch
- Greece - English
- Hungary- English
- Italy - Italiano
- Poland - English
- Sweden - English
- Russia - русский
- Spain - Español
- Turkey - Türkçe
- United Kingdom - English
- Ukraine - English

Menu
Products and Services
Industries
Technical Support
Partners
Community

Most people search for
Switches Routers Servers Storage Data Center Energy Cloud Computing

Configuration Guide - Device Management

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Configuring a Root Key

Context

The hierarchical key management mechanism consists of three layers of keys, root key, key encryption key and working key. The lower-layer key provides encryption protection for the upper-layer key. The root key is located at the bottom of the key management infrastructure to protect confidentiality of upper-layer keys (such as key encryption key). Therefore, a root key is important to data security. A switch's root key is often stored in the system. If attackers illegally obtain the root key, encrypted data will become insecure. To improve data security and prevent attackers from obtaining encrypted packets, configure another root key on the switch.

The root key can only be configured when the switch has no service configuration. If service configuration has been performed on the switch, an error message will be displayed when you configure the root key.
If you configure a password (not the administrator password) and key after configuring the root key, the password and key configuration will not be restored after the switch software version is changed to V200R009 or an earlier version.
After the root key is configured, the configuration file of the switch cannot be exported and used on other devices.

Procedure

Run set root-key
A root key is configured for the switch.

By default, a switch uses the system default root key.

Verifying the Configuration

Run the display root-key configuration command to check information about the currently used root key.

Translation

简体中文

Download

Updated: 2021-10-30

Document ID: EDOC1000178167

Downloads: 2289

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode