Specifications
© Copyright 2007 Cisco Systems, Inc. Page 18 of 26
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
is zeroized by overwriting it with a new password.

| RADIUS secret | Shared Secret | The RADIUS shared secret. This shared secret is zeroized by executing the "no radius-server key" command. | NVRAM | "# no radius-server key" |
| secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM | Deleted by erasing the Flash. |
| TACACS+ secret | Shared Secret | The TACACS+ shared secret. This shared secret is zeroized by executing the "no tacacs-server key" command. | NVRAM | "# no tacacs-server key" |
| TLS server private key | RSA | 1024/1536/2048 bit RSA private key used for SSLV3.1/TLS. | NVRAM | "# crypto key zeroize rsa" |
| TLS server public key | RSA | 1024/1536/2048 bit RSA public key used for SSLV3.1/TLS. | NVRAM | "# crypto key zeroize rsa" |
| TLS pre-master secret | Shared Secret | Shared Secret created using asymmetric cryptography from which new TLS session keys can be created | DRAM | Automatically when TLS session is terminated |
| TLS Encryption Key | AES/TRIPLE-DES | Key used to encrypt TLS session data | DRAM | Automatically when TLS session is terminated |
| TLS Integrity Key | HMAC-SHA-1 | HMAC-SHA-1 used for TLS data integrity protection | DRAM | Automatically when TLS session is terminated |
Table 5 - Cryptographic Keys and CSPs
SRDI/Role/Service Access Policy (r = read, w = write, d = delete)

Roles/Service
  User Role
    Status Functions
    Network Functions
    Terminal Functions
    Directory Services
    SSL-TLS/VPN
    EASY VPN
  Crypto Officer Role
    Configure the Router
    Define Rules and Filters
    Status Functions
    Manage the Router
    Set Encryption/Bypass
    Change WAN Interface Cards

Security Relevant Data Item