R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

168

snmp-agent calculate-password plain-password mode sha { local-engineid | specified-engineid

engineid }

View

System view

Default level

3: Manage level

Parameters

plain-password: Specifies a plaintext authentication or privacy key.

mode: Specifies authentication and privacy algorithms. Select a mode option, depending on the

authentication and privacy algorithm you are configuring with the snmp-agent usm-user v3 command.

The three privacy algorithms Advanced Encryption Standard (AES), Triple Data Encryption Standard

(3DES), and Data Encryption Standard (DES) are in descending order of security strength. Higher

security means more complex implementation mechanism and lower speed. DES is enough to meet

general requirements. The Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm (SHA-1) are

the two authentication algorithms. MD5 is faster than SHA-1, while SHA-1 provides higher security than

MD5.

• 3desmd5: Converts the plaintext privacy key to an encrypted key for 3DES encryption used together

with MD5 authentication. For more information about MD5 and 3DES, see VPN Configuration

Guide.

• 3dessha: Converts the plaintext privacy key to an encrypted key for 3DES encryption used together

with SHA-1 authentication. For more information about SHA-1 and 3DES, see VPN Configuration

Guide.

• md5: Converts the plaintext authentication key to an encrypted key for MD5 authentication, or

converts the plain text privacy key to an encrypted key for AES or DES encryption used in

conjunction with MD5. For more information about AES and DES, see VPN Configuration Guide.

• sha: Converts the plaintext authentication key to an encrypted key for SHA-1 authentication, or

converts the plaintext privacy key to an encrypted key for AES or DES encryption used in

conjunction with SHA-1 authentication.

local-engineid: Uses the local engine ID to calculate the encrypted key. For engine ID-related

configuration, see the snmp-agent local-engineid command.

specified-engineid: Uses a user-defined engine ID to calculate the encrypted key.

engineid: Specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of

hexadecimal characters, which ranges from 10 to 64. All-zero and all-F strings are invalid.

Description

Use snmp-agent calculate-password to convert a plaintext key to an encrypted key for authentication or

encryption.

This command helps you calculate encrypted authentication and privacy keys for SNMPv3 users that use

encrypted authentication and privacy keys. To create an SNMPv3 user, see the snmp-agent usm-user v3

command.

Enable SNMP before you execute the snmp-agent calculate-password command.

The encrypted key converted for SHA authentication is a string of 40 hexadecimal characters. For an

authentication key, all of the 40 hexadecimal characters are valid. For a privacy key, only the first 32

hexadecimal characters are valid.