1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Router
  5. 2651
  6. User manual

Cryptographic Key Management - Cisco 2651 User Manual

Non-proprietary security policy
Hide thumbs
Table of Contents

Advertisement

The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers

Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as
passwords. The tamper evidence seals provide physical protection for all keys. All keys are also
protected by the password-protection on the Crypto Officer role login, and can be zeroized by the Crypto
Officer. Keys are exchanged manually and entered electronically via manual key exchange or Internet
Key Exchange (IKE).
The module supports the following critical security parameters (CSPs):
Table 18
#
1
2
3
4
5
6
7
8
9
10
11
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
36
Critical Security Parameters
CSP
Description
Name
CSP 1
This is the seed key for X9.31 PRNG. This key is stored in DRAM
and updated periodically after the generation of 400 bites; hence,
it is zeroized periodically. Also, the operator can turn off the
router to zeroize this key.
CSP 2
The private exponent used in Diffie-Hellman (DH) exchange.
Zeroized after DH shared secret has been generated.
CSP 3
The shared secret within IKE exchange. Zeroized when IKE
session is terminated.
CSP 4
Same as above
CSP 5
Same as above
CSP 6
Same as above
CSP 7
The IKE session encrypt key. The zeroization is the same as
above.
CSP 8
The IKE session authentication key. The zeroization is the same
as above.
CSP 9
The RSA private key. "crypto key zeroize" command zeroizes this
key.
CSP 10
The key used to generate IKE skeyid during preshared-key
authentication. "no crypto isakmp key" command zeroizes it. This
key can have two forms based on whether the key is related to the
hostname or the IP address.
CSP 11
This key generates keys 3, 4, 5 and 6. This key is zeroized after
generating those keys.
Storage
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
OL-6083-01

Advertisement

Table of Contents
loading

Related Manuals for Cisco 2651

Related Content for Cisco 2651

This manual is also suitable for:

172117602621xm2651xm26913725 ... Show all

Table of Contents