Specifications
© Copyright 2007 Cisco Systems, Inc. Page 16 of 26
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
Diffie
Hellman
private
exponent
DH The private exponent used in
Diffie-Hellman (DH) exchange as
part of IKE. Zeroized after DH
shared secret has been generated.
DRAM Automatically after
shared secret generated.
Diffie
Hellman
public key
DH The public key used in Diffie-
Hellman (DH) exchange as part of
IKE. Zeroized after the DH shared
secret has been generated.
DRAM Automatically after
shared secret generated.
skeyid Keyed SHA-1 Value derived from the shared
secret within IKE exchange.
Zeroized when IKE session is
terminated.
DRAM Automatically after IKE
session terminated.
skeyid_d Keyed SHA-1 The IKE key derivation key for non
ISAKMP security associations.
DRAM Automatically after IKE
session terminated.
skeyid_a HMAC-SHA-1 The ISAKMP security association
authentication key.
DRAM Automatically after IKE
session terminated.
skeyid_e TRIPLE-
DES/AES
The ISAKMP security association
encryption key.
DRAM Automatically after IKE
session terminated.
IKE session
encrypt key
TRIPLE-
DES/AES
The IKE session encrypt key. DRAM Automatically after IKE
session terminated.
IKE session
authentication
key
HMAC-SHA-1 The IKE session authentication
key.
DRAM Automatically after IKE
session terminated.
ISAKMP
preshared
Shared secret The key used to generate IKE
skeyid during preshared-key
authentication. “no crypto isakmp
key” command zeroizes it. This key
can have two forms based on
whether the key is related to the
hostname or the IP address.
NVRAM “# no crypto isakmp
key”
IKE hash key HMAC-SHA-1 This key generates the IKE shared
secret keys. This key is zeroized
after generating those keys.
DRAM Automatically after
generating IKE shared
secret keys.
IKE RSA
Authentication
private Key
RSA RSA private key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the “crypto keyring” or “ca trust-
point” command.
NVRAM “# crypto key zeroize
rsa"
IKE RSA
Authentication
Public Key
RSA RSA public key for IKE
authentication. Generated or
entered like any RSA key, set as
IKE RSA Authentication Key with
the “crypto keyring” or “ca trust-
point” command.
NVRAM “# crypto key zeroize
rsa"
IKE RSA
Encrypted
Nonce Private
Key
RSA RSA private key for IKE encrypted
nonces. Generated like any RSA,
with the “usage-keys” parameter
included.
NVRAM “# crypto key zeroize
rsa"