No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

S9300, S9300E, and S9300X V200R012C00

This document describes the configurations of Device Management, including device status query, hardware management, CSS, SVF, PoE, OPS, OIDS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Root Key

Configuring a Root Key

Context

The hierarchical key management mechanism consists of three layers of key: the root key, key encryption key, and working key. The lower-layer key provides encryption protection for the upper-layer key. The root key is located at the bottom of the key management infrastructure to protect confidentiality of upper-layer keys (such as key encryption key). Therefore, a root key is critical to data security. A switch's root key is often stored in the system. If a malicious user obtains the root key, any encrypted data will become vulnerable. To address this issue and improve data security, you can replace the default root key with another one.

  • The root key can only be configured when the switch has no service configuration. If service configuration has been performed on the switch, an error message will be displayed when you configure the root key.

  • If you configure a password (not the administrator password) and key after configuring the root key, the password and key configuration will not be restored after the switch software version is changed to V200R009 or an earlier version.

  • After the root key is configured, the configuration file of the switch cannot be exported and used on other devices.

Procedure

  1. Run set root-key

    A root key is configured for the switch.

    By default, a switch uses the system default root key.

Verifying the Configuration

Run the display root-key configuration command to check information about the currently used root key.

Translation
Download
Updated: 2018-09-03

Document ID: EDOC1100038289

Views: 43544

Downloads: 15

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next