Key Chain Authentication Overview

Key chain authentication is the process of ensuring that the key of "person A" held by "person B" belongs to "person A" and vice versa.

Key authentication solves the problem of authenticating the keys of the person ("person B") with whom another person ("person A") is communicating or trying to communicate. A symmetric key scheme is supported for authentication.

A key-authenticated agreement method is one in which two or more parties establish cryptographic keys based on one or more parties' knowledge of a password. The SHA-1, SHA-256, SHA-384, and SHA-512 keyed hash algorithms are supported. The digest is calculated by prepending the actual secret key to the packet header and hashing the result with one of the supported algorithms. The key ID and the calculated digest form the Message Authentication Code (MAC).

Figure: Key chain authentication. Displays the path of the key value from the sender to the receiver.

With this feature, routing protocols such as BGP4, IS-IS, OSPF, and OSPFv3 use the global authentication key chain configuration for hitless key rollover. Authentication keys can be configured as key chains. Key chains are sequences of keys (shared secrets). You can use key-based authentication to secure communications with other devices and you can periodically rotate the keys in the chain.
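The digest calculation and key rollover described above, as an added example that is not the vendor's code. The one-byte key ID prefix, the `Key` lifetime fields (`accept_from`, `accept_until`, `send_from`), and the sample secrets and header are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256,
        "sha384": hashlib.sha384, "sha512": hashlib.sha512}

@dataclass(frozen=True)
class Key:
    key_id: int        # identifies the key inside the chain
    secret: bytes      # shared secret
    alg: str           # one of ALGS
    accept_from: int   # assumed lifetime fields, in seconds
    accept_until: int
    send_from: int

def digest(key, header):
    # As the text states: secret key prepended to the packet header, then hashed.
    return ALGS[key.alg](key.secret + header).digest()

def make_mac(chain, header, now):
    # Sender picks the newest key whose send lifetime has started.
    active = [k for k in chain if k.send_from <= now <= k.accept_until]
    if not active:
        raise ValueError("no key valid for sending")
    key = max(active, key=lambda k: k.send_from)
    return bytes([key.key_id]) + digest(key, header)  # MAC = key ID + digest

def verify_mac(chain, header, mac, now):
    # Receiver looks up the key by ID and checks it is inside its accept window.
    if not mac:
        return False
    key_id, received = mac[0], mac[1:]
    for key in chain:
        if key.key_id == key_id and key.accept_from <= now <= key.accept_until:
            return hmac.compare_digest(received, digest(key, header))
    return False

# Constructed sample chain: accept windows overlap (900-1100) so rollover is hitless.
CHAIN = [
    Key(1, b"old-shared-secret", "sha256", accept_from=0, accept_until=1100, send_from=0),
    Key(2, b"new-shared-secret", "sha512", accept_from=900, accept_until=5000, send_from=1000),
]
HEADER = b"constructed-packet-header"
```

Because both keys are accepted during the overlap, a packet signed with key 1 just before the sender switches to key 2 still verifies, which is what keeps the rollover from dropping the adjacency.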

Consider the following when you use global authentication key chains.