Key Chain Authentication OverviewNEW!

Key chain authentication is the process of ensuring that the key of "person A" held by "person B" belongs to "person A" and vice versa.

Key authentication is used to solve the problem of authenticating the keys of the person (say "person B") to whom some other person ("person A") is talking to or trying to talk to. A symmetric key scheme is supported for authentication.

A key-authenticated agreement method is one in which two or more parties establish cryptographic keys based on one or more party's knowledge of a password. It supports SHA-1, SHA-256, SHA-384, and SHA-512 keyed hash algorithms. The digest is calculated by prepending the actual secret key to the packet header and hashed by one of the supported algorithms. The key ID and the calculated digest form the Message Authentication Code (MAC).

Displays the path of the key value from the sender to the receiver

With this feature, routing protocols such as BGP4, IS-IS, OSPF, and OSPFv3 use the global authentication key chain configuration for hitless key rollover. Authentication keys can be configured as key chains. Key chains are sequences of keys (shared secrets). You can use key-based authentication to secure communications with other devices and you can periodically rotate the keys in the chain.

Consider the following when you use global authentication key chains.

A key chain is a sequence of keys that are collectively managed for authenticating peer.
Under authentication key-chain mode, you can configure a series of key IDs and associate the lifetime and hash algorithm options (SHA1, SHA256, SHA384, or SHA512).
You can configure a maximum of 128 key chains, with a maximum of 8 key per key chain.