USM Key Management
Converting Password to Unlocalized Key
Syntax:
% snmpcmd usm passToKey ?option value ...? password
Where:
snmpcmd
- is the name of an SNMP session;
option value
- are zero or more option+value pairs that may be specified to override session configuration parameters; and
password
- is the password to be converted.
Returns:
- The unlocalized key generated from the password using the configured or specified authentication protocol.
Options
-authproto protocol
- Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.
Example
% set key [snmplib usm passToKey -authproto HMAC-MD5-96 maplesyrup]
% smilib format "OCTET STRING" $key
9f:af:32:83:88:4e:92:83:4e:bc:98:47:d8:ed:d9:63
Converting Password to Localized Key
Syntax:
% snmpcmd usm passToLocKey ?option value ...? password
Where:
snmpcmd
- is the name of an SNMP session;
option value
- are zero or more option+value pairs that may be specified to override session configuration parameters; and
password
- is the password to be converted.
Returns:
- The localized key generated from the password using the configured or specified authentication protocol and Engine ID. Note that the key returned is the full-length key appropriate to the authentication protocol, which may be longer than required for the privacy protocol (e.g. 20 octets versus 16 in the case of HMAC-SHA-96 and DES/CBC).
Options
-authproto protocol
- Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.
-engineid string
- Specifies the Engine ID to use for localizing the generated key. If unspecified, the known Engine ID for the configured remote engine for the session is used.
Example
% set key [snmplib usm passToLocKey -authproto HMAC-MD5-96 -engineid \
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" \
maplesyrup]
% smilib format "OCTET STRING" $key
52:6f:5e:ed:9f:cc:e2:6f:89:64:c2:93:07:87:d8:2b
Localizing Keys
Syntax:
% snmpcmd usm localizeKey ?option value ...? key
Where:
snmpcmd
- is the name of an SNMP session;
option value
- are zero or more option+value pairs that may be specified to override session configuration parameters; and
key
- is the key to be localized.
Returns:
- The localized key generated from the unlocalized key using the configured or specified authentication protocol and Engine ID. Note that the key returned is the full-length key appropriate to the authentication protocol, which may be longer than required for the privacy protocol (e.g. 20 octets versus 16 in the case of HMAC-SHA-96 and DES/CBC).
Options
-authproto protocol
- Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the key. If unspecified, the configured authentication protocol for the session is used.
-engineid string
- Specifies the Engine ID to use for localizing the generated key. If unspecified, the known Engine ID for the configured remote engine for the session is used.
Example
% set key [snmplib usm localizeKey -authproto HMAC-MD5-96 -engineid \
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" \
"\x9f\xaf\x32\x83\x88\x4e\x92\x83\x4e\xbc\x98\x47\xd8\xed\xd9\x63"]
% smilib format "OCTET STRING" $key
52:6f:5e:ed:9f:cc:e2:6f:89:64:c2:93:07:87:d8:2b
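The three conversions above (passToKey, localizeKey, passToLocKey) can be reproduced outside the SDK with the RFC 3414 password-to-key and localization algorithms. The following Python is an added example, not SDK code; the function names and the mapping of protocol names to hash algorithms are assumptions made for illustration.

```python
import hashlib

# Assumed mapping of the page's protocol names to hashlib algorithms.
HASHES = {"HMAC-MD5-96": "md5", "HMAC-SHA-96": "sha1"}
EXPANDED_LEN = 1048576  # RFC 3414 A.2: hash 1,048,576 octets of repeated password


def pass_to_key(password: bytes, authproto: str) -> bytes:
    """Unlocalized key Ku: digest of the password repeated to 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LEN, len(password))
    h = hashlib.new(HASHES[authproto])
    h.update(password * reps + password[:rem])
    return h.digest()


def localize_key(key: bytes, engine_id: bytes, authproto: str) -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), valid for one engine only."""
    return hashlib.new(HASHES[authproto], key + engine_id + key).digest()


def pass_to_loc_key(password: bytes, engine_id: bytes, authproto: str) -> bytes:
    """Password straight to localized key (both steps in sequence)."""
    return localize_key(pass_to_key(password, authproto), engine_id, authproto)


def fmt(octets: bytes) -> str:
    """Colon-separated hex, matching the OCTET STRING output shown above."""
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    engine_id = bytes(11) + b"\x02"  # the 12-octet Engine ID used on this page
    ku = pass_to_key(b"maplesyrup", "HMAC-MD5-96")
    print("Ku  =", fmt(ku))
    print("Kul =", fmt(localize_key(ku, engine_id, "HMAC-MD5-96")))
    # HMAC-SHA-96 yields a 20-octet key, longer than a 16-octet privacy key.
    print("SHA =", fmt(pass_to_loc_key(b"maplesyrup", engine_id, "HMAC-SHA-96")))
```

Because the Engine ID is hashed into the localized key, the same password gives a different key on every engine, so a key recovered from one agent cannot be replayed against another.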
Encoding/Decoding Authentication KeyChange Values
Syntax:
% snmpcmd usm authKeyChange ?option value ...? old new
Where:
snmpcmd
- is the name of an SNMP session;
option value
- are zero or more option+value pairs that may be specified to override session configuration parameters;
old
- is the old key; and
new
- is the new key (or KeyChange value).
Returns:
- For encoding, the KeyChange value that can be issued in an SNMP set operation to usmUserAuthKeyChange or usmUserOwnAuthKeyChange to change the key from old to new.
- For decoding, the new key that results from reversing the supplied new KeyChange value using the old key.
Options
-authproto protocol
- Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the KeyChange value. If unspecified, the configured authentication protocol for the session is used.
-direction dir
- May be either encode, to specify that the old and new parameters are the old and new keys from which to generate a KeyChange value; or decode, to specify that the old and new parameters are the old key and KeyChange value from which to recover the new key. Default: encode
-salt string
- By default, the random component of the KeyChange value is generated by the SDK. This option may be used to specify the random component for purpose of testing or using an alternate source of random data. This option is ignored when decoding.
Example
% set kc [snmplib usm authKeyChange -authproto HMAC-MD5-96 \
"\x52\x6f\x5e\xed\x9f\xcc\xe2\x6f\x89\x64\xc2\x93\x07\x87\xd8\x2b" \
"\x87\x02\x1d\x7b\xd9\xd1\x01\xba\x05\xea\x6e\x3b\xf9\xd9\xbd\x4a"]
% smilib format KeyChange $kc
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:88:05:61:51:41:67:6c:c9:19:
61:74:e7:42:a3:25:51
Encoding/Decoding Privacy KeyChange Values
Syntax:
% snmpcmd usm privKeyChange ?option value ...? old new
Where:
snmpcmd
- is the name of an SNMP session;
option value
- are zero or more option+value pairs that may be specified to override session configuration parameters;
old
- is the old key; and
new
- is the new key (or KeyChange value).
Returns:
- For encoding, the KeyChange value that can be issued in an SNMP set operation to usmUserPrivKeyChange or usmUserOwnPrivKeyChange to change the key from old to new.
- For decoding, the new key that results from reversing the supplied new KeyChange value using the old key.
Options
-authproto protocol
- Specifies the authentication protocol (HMAC-MD5-96 or HMAC-SHA-96) to use in generating the KeyChange value. If unspecified, the configured authentication protocol for the session is used.
-direction dir
- May be either encode, to specify that the old and new parameters are the old and new keys from which to generate a KeyChange value; or decode, to specify that the old and new parameters are the old key and KeyChange value from which to recover the new key. Default: encode
-privproto protocol
- Specifies the privacy protocol to use in generating the KeyChange value. If unspecified, the configured privacy protocol for the session is used. At present, DES/CBC and AES128/CFB are supported.
-salt string
- By default, the random component of the KeyChange value is generated by the SDK. This option may be used to specify the random component for purpose of testing or using an alternate source of random data. This option is ignored when decoding.
Example
% set kc [snmplib usm privKeyChange -authproto HMAC-SHA-96 \
"\x66\x95\xfe\xbc\x92\x88\xe3\x62\x82\x23\x5f\xc7\x15\x1f\x12\x84\x97\xb3\x8f\x3f" \
"\x78\xe2\xdc\xce\x79\xd5\x94\x03\xb5\x8c\x1b\xba\xa5\xbf\xf4\x63\x91\xf1\xcd\x25"]
% smilib format KeyChange $kc
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:7e:f8:d8:a4:c9:cd:b2:6b:47:
59:1c:d8:52:ff:88:b5
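The encode and decode directions of authKeyChange and privKeyChange follow the KeyChange algorithm of RFC 3414. The Python below is an added example, not SDK code; its function names are hypothetical, and the loop is written for the general case in which a key may be longer than one digest.

```python
import hashlib
import secrets

# Assumed mapping of the page's protocol names to hashlib algorithms.
HASHES = {"HMAC-MD5-96": "md5", "HMAC-SHA-96": "sha1"}


def keystream(old: bytes, salt: bytes, algo: str, length: int) -> bytes:
    """H(old || salt), H(previous digest || salt), ... cut to the key length."""
    temp, stream = old, b""
    while len(stream) < length:
        temp = hashlib.new(algo, temp + salt).digest()
        stream += temp
    return stream[:length]


def key_change_encode(old: bytes, new: bytes, authproto: str,
                      salt: bytes = None) -> bytes:
    """KeyChange value = random component || (keystream XOR new key)."""
    if len(old) != len(new):
        raise ValueError("old and new keys must have the same length")
    if salt is None:
        salt = secrets.token_bytes(len(new))  # fresh random component per change
    if len(salt) != len(new):
        raise ValueError("salt must be as long as the key")
    ks = keystream(old, salt, HASHES[authproto], len(new))
    return salt + bytes(a ^ b for a, b in zip(ks, new))


def key_change_decode(old: bytes, value: bytes, authproto: str) -> bytes:
    """Recover the new key from a KeyChange value using the old key."""
    if len(value) != 2 * len(old):
        raise ValueError("KeyChange value must be twice the key length")
    salt, delta = value[:len(old)], value[len(old):]
    ks = keystream(old, salt, HASHES[authproto], len(old))
    return bytes(a ^ b for a, b in zip(ks, delta))


if __name__ == "__main__":
    # Keys from the authKeyChange example above; the all-zero salt
    # reproduces the all-zero random component in its output.
    old = bytes.fromhex("526f5eed9fcce26f8964c2930787d82b")
    new = bytes.fromhex("87021d7bd9d101ba05ea6e3bf9d9bd4a")
    kc = key_change_encode(old, new, "HMAC-MD5-96", salt=bytes(16))
    print(kc.hex(":"))
    assert key_change_decode(old, kc, "HMAC-MD5-96") == new
```

A fixed salt is only for reproducing test vectors such as the ones on this page. Anyone who holds the old key can decode a captured KeyChange value, so a key that may have been exposed is better replaced out of band than rotated with a KeyChange set.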