Specifications

© Copyright 2007 Cisco Systems, Inc.

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

PRNG Seed X9.31 This is the seed for X9.31 PRNG. This CSP

is stored in DRAM and updated periodically

after the generation of 400 bytes – after this

it is reseeded with router-derived entropy;

hence, it is zeroized periodically. Also, the

operator can turn off the router to zeroize

this CSP.

DRAM Automatically every 400

bytes, or turn off the router.

PRNG Seed

Key

X9.31 This is the seed key for the PRNG. DRAM Turn off the router

Diffie Hellman

DH The private exponent used in Diffie-Hellman

DRAM Automatically after shared

IKE exchange. Zeroized when IKE session

is terminated.

session terminated.

skeyid_d Keyed SHA-1 The IKE key derivation key for non ISAKMP

DRAM Automatically after IKE

skeyid_a HMAC-SHA-1 The ISAKMP security association

authentication key.

DRAM Automatically after IKE

session terminated.

skeyid_e TRIPLE-

The ISAKMP security association

DRAM Automatically after IKE

IKE session

encrypt key

TRIPLE-

DES/AES

The IKE session encrypt key. DRAM Automatically after IKE

session terminated.

IKE session

authentication

HMAC-SHA-1 The IKE session authentication key. DRAM Automatically after IKE

session terminated.

address.

IKE hash key HMAC-SHA-1 This key generates the IKE shared secret

keys. This key is zeroized after generating

those keys.

DRAM Automatically after generating

IKE shared secret keys.

IKE RSA

Authentication

private Key

RSA RSA private key for IKE authentication.

Generated or entered like any RSA key, set

as IKE RSA Authentication Key with the

“crypto keyring” or “ca trust-point”

command.

NVRAM “# crypto key zeroize rsa"