NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Configuring the System Master Key

You can configure the system master key to enhance user data security and reliability.

Background Information

In an actual network environment, the network and devices are provided and maintained by network providers, and the data belongs to tenants. To provide secure data transmission and storage on the network, ensure that keys are under complete control of the specific user and cannot be obtained by network providers or other tenants. To be specific, users need to have their own key management schemes.

Users can manually modify the system master key based on actual requirements to enhance data security and reliability.

NOTE:
This configuration process is supported only on the Admin-VS.

Procedure

  1. Run the set master-key command in the user view to set the system master key.

    NOTE:

    To restore the default system master key, run the clear master-key command.

    Note the following during the interactive process:
    • If the current system master key is not the default one, users need to input the current system master key for identity authentication before changing the master key.
    • After the system master key is input, users need to input Y on the terminal interface to proceed to the next step. If a user inputs N, the system stops the current operation and exits.
    • A user needs to input the new master key twice. The system proceeds to the next operation only when the two input master keys are identical.

    If an error occurs during master key modification, the system displays a message indicating that the master key modification failed and instructs the user to retry. If the failure persists, contact Huawei technical support personnel.

    After the master key is modified, devices cannot share configuration files. If a configuration file is copied from another device to the local device for the next startup, and the master key on the source device is not the default master key and does not exist on the local device, the configuration fails. To resolve this problem, perform one of the following operations:
    • Change the master key on the device to be configured to be the same as that on the device that provides the configuration file.
    • Change the master key on the device that provides the configuration file to be the same as that on the device to be configured. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.
    • Specify the default master key as the master key on the device that provides the configuration file. After that, save and export the configuration file, upload it to the device to be configured, and specify the configuration file for next startup.

    The same applies to encrypted files. If the master key has been changed and a configuration file is copied from another device to the local device for the next startup, and the master key on the source device is not the default master key and does not exist on the local device, the local device cannot decrypt the copied file because the master keys do not match. To resolve this problem, perform one of the following operations:
    • Change the master key on the local device to be the same as that on the device that provides the encrypted file.
    • Change the master key on the device that provides the encrypted file to be the same as that on the local device. After that, export the encrypted file and upload it to the local device.
    • Specify the default master key as the master key on the device that provides the encrypted file. After that, export the encrypted file and upload it to the local device for decryption.

Checking the Configurations

When the preceding configuration is complete, you can run the following commands to check the configuration.
  • Run the display master-key configuration command to check the configuration of the system master key.

    This command is supported only on the Admin-VS.

Run the display master-key configuration command to check whether the system master key is a user-configured key or the default system master key.

<HUAWEI> display master-key configuration
Current master key: user-defined
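
The check above and the configuration-file restriction from the Procedure section, scripted over several devices. This is an added example, not part of the Huawei guide: the device names and captures are constructed, and treating any value other than "user-defined" as the default key is an assumption, since the guide shows only the "user-defined" output.

```python
import re

# Constructed captures keyed by hypothetical device names. Only the value
# "user-defined" is shown in the guide; pe2 carries a placeholder value and
# pe3 simulates a session that returned nothing.
CAPTURES = {
    "pe1": "<HUAWEI> display master-key configuration\nCurrent master key: user-defined\n",
    "pe2": "<HUAWEI> display master-key configuration\nCurrent master key: <value-shown-for-default-key>\n",
    "pe3": "",
}

_FIELD = re.compile(r"^[ \t]*Current master key:[ \t]*(\S.*?)[ \t]*$", re.MULTILINE)


def master_key_state(output):
    """Classify one capture as 'user-defined', 'not-user-defined' or 'unknown'."""
    match = _FIELD.search(output)
    if match is None:
        return "unknown"  # field missing: do not guess, re-collect the output
    # Assumption: any value other than "user-defined" means the default key.
    return "user-defined" if match.group(1).lower() == "user-defined" else "not-user-defined"


def transfer_precheck(src, dst, captures=CAPTURES):
    """Decide what must happen before a configuration file from src is loaded on dst."""
    states = (master_key_state(captures[src]), master_key_state(captures[dst]))
    if "unknown" in states:
        return "recheck"
    if states[0] == "user-defined":
        # The output never reveals the key itself, so equality of two
        # user-defined keys cannot be confirmed from the CLI; an operator must
        # align the keys (or export from the source under the default key).
        return "align-keys"
    return "ok"  # source uses the default key, which the guide treats as loadable


def devices_without_user_key(captures=CAPTURES):
    """List devices that are not confirmed to run a user-defined master key."""
    return sorted(d for d, out in captures.items() if master_key_state(out) != "user-defined")


if __name__ == "__main__":
    print(devices_without_user_key())
    print(transfer_precheck("pe1", "pe2"), transfer_precheck("pe2", "pe1"))
```
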
Updated: 2019-01-02

Document ID: EDOC1100055397
