Werbung
Schlüssel-Zeichenkette
Specifies the key string used for encryption by the MACsec Key Agreement (MKA) protocol for the
key in the relevant table row. The key string is the actual key value.
Possible values:
<empty string>
For
gcm-aes-128:
For
gcm-aes-256:
Anmerkung:
The Key string is a confidential, Pre-Shared Key for use in a symmetric key cryptographic algorithm.
Specify a Key string as long as possible.
Long key values are harder to guess by a brute-force attack.
Anmerkung:
The Pre-Shared Key lifetime can be configured as indefinite. This is the case if the Time range field
is empty (this is the default).
From this Pre-shared Key, other keys are derived, so Pre-Shared Key serve as master keys.
Therefore, employ appropriate security processes to protect these keys from being leaked.
For two devices acting as MACsec peers, the key strings must match.
Use a trustworthy, confidential channel to distribute the key value to the devices involved.
Zeitbereich
Specifies the validity period of the Pre-shared Key.
Anmerkung:
Limiting the validity period of the Pre-shared Key is considered more secure than specifying an
indefinite Pre-shared Key lifetime. The Pre-shared Key lifetime is indefinite if the Time range field
is empty (this is the default). A definite validity period of the existing keys and regular key rotation
helps limits the amount of data indirectly encrypted with a given key. Therefore, if a key should
become compromised, the amount of data affected (that could potentially be decrypted) would also
be limited.
Adjacent time ranges help ensure an automatic Pre-shared Key rollover after expiration.
Anmerkung:
Overlapping time ranges for associated Pre-shared Key are unsupported.
Possible values:
<empty string>
The key is deemed valid indefinitely.
Specify an existing time profile in the
The key is deemed valid only during the time range given.
Aktiv
Use this check box to select one or more table rows, for example, for deletion.
Anmerkung:
As an exception, the check box does not activate/deactivate the MKA Key configuration in the rele-
vant table row.
In contrast, a MKA Key configuration in a table row is active if its Key chain name is referred to in
the Port Configuration dialog, in the MACsec PSK keychain column.
RM GUI BRS
Release 10.3 04/2025
[ Netzsicherheit > MACsec > MKA-Schlüssel-Konfiguration ]
(default setting)
Hexadecimal string of 0..32 digits, with an even length.
Hexadecimal string of 0..64 digits, with an even length.
(default setting)
Zeitprofil
dialog. If necessary, create a time profile first.
Netzsicherheit
263
Werbung
