Configuring a Root Key
Context
The hierarchical key management mechanism consists of three layers of keys: the root key, the key encryption key, and the working key. Each lower-layer key provides encryption protection for the key in the layer above it. The root key is located at the bottom of the key management infrastructure and protects the confidentiality of upper-layer keys (such as the key encryption key). Therefore, the root key is important to data security. A switch's root key is often stored in the system. If attackers illegally obtain the root key, encrypted data will become insecure. To improve data security and prevent attackers from obtaining encrypted packets, configure another root key on the switch.
The root key can only be configured when the switch has no service configuration. If service configuration has been performed on the switch, an error message will be displayed when you configure the root key.
If you configure a password (not the administrator password) and key after configuring the root key, the password and key configuration will not be restored after the switch software version is changed to V200R009 or an earlier version.
After the root key is configured, the configuration file of the switch cannot be exported and used on other devices.
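The three-layer hierarchy described under Context, and the reason a configuration file stops being usable on another device once a root key is configured, shown as an added example (this is not the switch's implementation or code from this page). The HMAC-SHA256 encrypt-then-MAC wrap is a standard-library stand-in for a real key-wrap algorithm, and the function names, the config layout, the sample password, and the working key encrypting a stored password are assumptions.

```python
import hashlib
import hmac
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stand-in cipher, standard library only
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def wrap(wrapping_key, secret):
    """Encrypt-then-MAC secret under wrapping_key; returns nonce | ct | tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(wrapping_key, b"enc"), nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(_subkey(wrapping_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(wrapping_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(wrapping_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping key or modified blob")
    stream = _keystream(_subkey(wrapping_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def build_config(root_key, password):
    """Config-file-like dict: every stored value is ciphertext."""
    kek, working_key = os.urandom(32), os.urandom(32)
    return {"kek": wrap(root_key, kek),               # root key protects KEK
            "working_key": wrap(kek, working_key),    # KEK protects working key
            "password": wrap(working_key, password)}  # assumed: working key protects data

def load_config(root_key, config):
    kek = unwrap(root_key, config["kek"])
    working_key = unwrap(kek, config["working_key"])
    return unwrap(working_key, config["password"])

def demo():
    root_a, root_b = os.urandom(32), os.urandom(32)  # constructed per-device root keys
    cfg = build_config(root_a, b"example-password")  # constructed sample value
    try:
        other = load_config(root_b, cfg)
    except ValueError:
        other = None  # device B cannot unwrap the KEK, so nothing above it opens
    return load_config(root_a, cfg), other
```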