< Home

display keychain

Function

The display keychain command displays the configuration of a specified keychain.

Format

display keychain keychain-name [ key-id key-id ]

Parameters

Parameter Description Value
keychain-name

Specifies the name of the keychain to be displayed.

The value is a string of 1 to 47 case-insensitive characters.

NOTE:

If a keychain-name contains a space, the keychain-name must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name.
key-id key-id

Specifies the key ID of the keychain to be displayed.

The value is an integer ranging from 0 to 63.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To locate or rectify a keychain authentication failure or collect required information before configuration, run the display keychain command to view configurations of a specified keychain.

Example

# Display the configuration of keychain earth when no key ID is configured for the keychain.

<sysname> display keychain earth
 Keychain Information:
 ---------------------
 Keychain Name             : earth
   Timer Mode              : Absolute
   Receive Tolerance(min)  : 0
   TCP Kind                : 254
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 3
     SHA1                  : 4
 Number of Key IDs         : 0
 Active Send Key ID        : None
 Active Receive Key IDs    : None
 Default send Key ID       : Not configured

# Display the configuration of keychain earth when a key ID is configured for the keychain.

<sysname> display keychain earth
 Keychain Information:
 ---------------------
 Keychain Name             : earth
   Timer Mode              : Absolute
   Receive Tolerance(min)  : 100
   TCP Kind                : 182
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 17
     SHA1                  : 4
 Number of Key IDs         : 1
 Active Send Key ID        : 1
 Active Receive Key IDs    : 01
 Default send Key ID       : Not configured


 Key ID Information:
 -------------------
 Key ID                    : 1
   Key string              : ****** 
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   RECEIVE TIMER           :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active

# Display the configuration of key-id 1 in keychain earth.

<sysname> display keychain earth key-id 1
 Keychain Information:
 ---------------------
 Keychain Name             : earth
   Timer Mode              : Absolute
   Receive Tolerance(min)  : 100
   TCP Kind                : 182
   TCP Algorithm IDs       :
     HMAC-MD5              : 5
     HMAC-SHA1-12          : 2
     HMAC-SHA1-20          : 6
     HMAC-SHA-256          : 7
     SHA-256               : 8
     MD5                   : 17
     SHA1                  : 4

 Key ID Information:
 -------------------
 Key ID                    : 1
   Key string              : ****** 
   Algorithm               : MD5
   SEND TIMER              :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   RECEIVE TIMER           :
     Start time            : 2012-03-14 00:00
     End time              : 2012-08-08 23:59
     Status                : Active
   DEFAULT SEND KEY ID INFORMATION
     Default               : Not configured
Table 1 Description of the display keychain command output

Item

Description

Keychain Name

Specifies the configured keychain name.

Timer Mode

Specifies the timing mode of the keychain.

Receive Tolerance

Specifies the receive tolerance configured for the keychain.

TCP Kind

Specifies the configured TCP kind for the keychain.

TCP Algorithm IDs

Lists the TCP algorithm IDs configured for the keychain.

The characteristics of each authentication algorithm are as follows:

  • Message Digest 5 (MD5): The 128-bit MD5 message digest is calculated based on the entered message of any length.

  • Secure Hash Algorithm 1 (SHA-1): The 160-bit SHA-1 message digest is calculated based on the entered message with the length shorter than the 64th power of 2.

  • Hash-based Message Authentication Code-MD5 (HMAC-MD5): The 128-bit HMAC-MD5 message digest is calculated based on the 512-bit message that is converted from the entered message of any length.

    NOTE:

    If the length of an entered message is less than 512 bits, 0s are added to make up a 512-bit message. If the length of an entered message is greater than 512 bits, the message is converted into a 128-bit message based on the MD5 algorithm. After that, 0s are added to make up a 512-bit message.

  • HMAC-SHA1-12: The 160-bit HMAC-SHA1-12 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. The leftmost 96 bits (12 x 8) are used as the authentication code.

  • HMAC-SHA1-20: The 160-bit HMAC-SHA1-20 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 160 bits are used as the authentication code.

  • SHA-256: The 256-bit SHA-2 message digest is calculated based on the entered message with the length shorter than the 64th power of 2.

  • HMAC-SHA-256: The 256-bit HMAC-SHA-256 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 256 bits are used as the authentication code.

The calculation speed of the MD5 algorithm is faster than that of the SHA algorithm; the SHA algorithm is more secure than the MD5 algorithm. Compared with MD5 and SHA, HMAC is more secure, but slower in calculation speed. To ensure high security, do not use the MD5 algorithm.

Number of Key IDs

Specifies the number of configured key IDs.

Active Send Key ID

Specifies the active key ID.

Active Receive Key IDs

Specifies the received active key ID.

Default send Key ID

Specifies the default key ID for packet sending.

Key ID

Specifies the key ID.

Key string

Specifies the key string configured for the key ID.

Algorithm

Specifies the algorithm type configured for the key ID.

The characteristics of each authentication algorithm are as follows:

  • Message Digest 5 (MD5): The 128-bit MD5 message digest is calculated based on the entered message of any length.

  • Secure Hash Algorithm 1 (SHA-1): The 160-bit SHA-1 message digest is calculated based on the entered message with the length shorter than the 64th power of 2.

  • Hash-based Message Authentication Code-MD5 (HMAC-MD5): The 128-bit HMAC-MD5 message digest is calculated based on the 512-bit message that is converted from the entered message of any length.

    NOTE:

    If the length of an entered message is less than 512 bits, 0s are added to make up a 512-bit message. If the length of an entered message is greater than 512 bits, the message is converted into a 128-bit message based on the MD5 algorithm. After that, 0s are added to make up a 512-bit message.

  • HMAC-SHA1-12: The 160-bit HMAC-SHA1-12 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. The leftmost 96 bits (12 x 8) are used as the authentication code.

  • HMAC-SHA1-20: The 160-bit HMAC-SHA1-20 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 160 bits are used as the authentication code.

  • SHA-256: The 256-bit SHA-2 message digest is calculated based on the entered message with the length shorter than the 64th power of 2.

  • HMAC-SHA-256: The 256-bit HMAC-SHA-256 message digest is calculated based on the 512-bit message that is converted from the entered message of any length. All the 256 bits are used as the authentication code.

The calculation speed of the MD5 algorithm is faster than that of the SHA algorithm; the SHA algorithm is more secure than the MD5 algorithm. Compared with MD5 and SHA, HMAC is more secure, but slower in calculation speed. To ensure high security, do not use the MD5 algorithm.

SEND TIMER

Specifies the time when the key ID is sent.

Start time

Specifies the time when the key ID becomes valid.

End time

Specifies the time when the key ID becomes invalid.

Status

Specifies the status of the sent/received key ID.

RECEIVE TIMER

Specifies the time when the key ID is received.

DEFAULT SEND KEY ID INFORMATION

Specifies the information about the default key ID for packet sending.

Default

Specifies the status of the default key ID for packet sending.
Parent Topic: Keychain Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >