Reference Guide

| # | Name | Description | Generation | Storage and zeroization | Use |
|---|------|-------------|------------|-------------------------|-----|
| 21 | RSA Private Key | RSA 2048 bits private key | Generated at time of manufacturing by the TPM. | Stored in non-volatile memory (Trusted Platform Module). Zeroized by physical destruction of the module. | Used by IKEv1/IKEv2 for device authentication |
| 22 | RSA public key | RSA 2048 bits public key | Generated at time of manufacturing by the TPM. | Stored in non-volatile memory. Zeroized by physical destruction of the module. | Used by IKEv1/IKEv2 for device authentication |
| 23 | ECDSA Private Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used by IKEv1/IKEv2 for device authentication. |
| 24 | ECDSA Public Key | ECDSA suite B P-256 and P-384 curves | Generated in the module | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used by IKEv1/IKEv2 for device authentication. |
| 25 | 802.11i Pre-Shared Key (PSK) | 8-63 character 802.11i pre-shared secret for use in 802.11i (SP 800-108) key derivation | CO configured | Stored in flash memory encrypted with KEK. Zeroized by the CO command ap wipe out flash. | Used to derive the PMK for 802.11i mesh connections between APs and in advanced Remote AP connections; programmed into AP by the controller over the IPSec session. |
| 26 | 802.11i Pair-Wise Master key (PMK) | 802.11i secret key (256-bit) | Derived during the 802.1X handshake | Stored in the volatile memory. Zeroized on reboot. | Used to derive 802.11i Pairwise Transient Key (PTK) |
| 27 | 802.11i Pairwise Transient Key (PTK) | 512-bit shared secret from which Temporal Keys (TKs) are derived | Derived during 802.11i 4-way handshake | In volatile memory only; zeroized on reboot | Used to derive 802.11i session key |
| 28 | 802.11i session key | AES-CCM key (128 bits) | Derived from 802.11 PMK | Stored in plaintext in volatile memory. Zeroized on reboot. | Used for 802.11i encryption |