Table of Contents
Advertisement
Table 18
12
13
14
15
16
17
18
19
20
21
22
23
24
Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, and 3745 Modular Access Routers and 7206-VXR NPE-400 Router FIPS 140-2 Non-Proprietary
OL-6083-01
The Cisco 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745, and 7206 VXR NPE-400 Routers
Critical Security Parameters (Continued)
CSP 12
The RSA public key used to validate signatures within IKE. These
keys are expired either when CRL (certificate revocation list)
expires or 5 secs after if no CRL exists. After above expiration
happens and before a new public key structure is created this key
is deleted. This key does not need to be zeroized because it is a
public key; however, it is zeroized as mentioned here.
CSP 13
The fixed key used in Cisco vendor ID generation. This key is
embedded in the module binary image and can be deleted by
erasing the Flash.
CSP 14
The IPSec encryption key. Zeroized when IPSec session is
terminated.
CSP 15
The IPSec authentication key. The zeroization is the same as
above.
CSP 16
The RSA public key of the CA. "no crypto ca trust <label>"
command invalidates the key and it frees the public key label
which in essence prevent use of the key. This key does not need to
be zeroized because it is a public key.
CSP 17
This key is a public key of the DNS server. Zeroized using the
same mechanism as above. "no crypto ca trust <label>" command
invalidate the DNS server's public key and it frees the public key
label which in essence prevent use of that key. This label is
different from the label in the above key. This key does not need
to be zeroized because it is a public key.
CSP 18
The SSL session key. Zeroized when the SSL connection is
terminated.
CSP 19
The ARAP key that is hardcoded in the module binary image.
This key can be deleted by erasing the Flash.
CSP 20
This is an ARAP user password used as an authentication key. A
function uses this key in a DES algorithm for authentication.
CSP 21
The key used to encrypt values of the configuration file. This key
is zeroized when the "no key config-key" is issued.
CSP 22
This key is used by the router to authenticate itself to the peer. The
router itself gets the password (that is used as this key) from the
AAA server and sends it onto the peer. The password retrieved
from the AAA server is zeroized upon completion of the
authentication attempt.
CSP 23
The RSA public key used in SSH. Zeroized after the termination
of the SSH session. This key does not need to be zeroized because
it is a public key; However, it is zeroized as mentioned here.
CSP 24
The authentication key used in PPP. This key is in the DRAM and
not zeroized at runtime. One can turn off the router to zeroize this
key because it is stored in DRAM.
DRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
Flash
(plaintext)
DRAM
(plaintext)
NVRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
DRAM
(plaintext)
37
Hide quick links:
Advertisement
Table of Contents
