The keychain command creates a keychain or displays the keychain view.
The undo keychain command deletes the keychain configuration.
By default, no keychain is configured.
keychain keychain-name [ mode { absolute | periodic { daily | weekly | monthly | yearly } } ]
undo keychain keychain-name
| Parameter | Description | Value |
|---|---|---|
| keychain-name | Specifies a keychain name. All applications import a keychain based on the keychain name. | The value is a string of 1 to 47 case-insensitive characters. NOTE: If a keychain-name contains a space, the keychain-name must be placed into a pair of double quotation marks. Only one pair of double quotation marks can be used for each user name. |
| absolute | Specifies that the keychain is non-periodic. | - |
| periodic | Specifies that the keychain is periodic. | - |
| daily | Specifies that the keychain is day-periodic. | - |
| weekly | Specifies that the keychain is week-periodic. | - |
| monthly | Specifies that the keychain is month-periodic. | - |
| yearly | Specifies that the keychain is year-periodic. | - |
Usage Scenario
In keychain authentication mode, secure protocol packet transmission is provided by changing the authentication algorithm and key dynamically. This can prevent unauthorized users from obtaining the key and authentication and encryption algorithms, and reduce the workload of changing the algorithm and key manually.
Each keychain consists of multiple key IDs that are valid within different time periods and each key ID is configured with an authentication algorithm. When a key ID becomes valid, the corresponding authentication algorithm is used.
Absolute time range: In this mode, keychains are valid within a certain period and are invalid out of the period.
Periodic time range: In this mode, keychains are valid periodically.
Implementation Procedure
Specify the validity mode when creating a keychain. The keychain view is displayed when a keychain name is specified.
Precautions
A keychain can have a maximum of 64 key IDs.
Follow-up Procedure
After a keychain is created, configure the time period within which each key ID is valid. Otherwise, protocol packets cannot be authenticated or encrypted.
The time period within which a key ID for packet sending or receiving is valid and the time mode configured for the key ID must be identical to that configured for the keychain.
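The limits in the Precautions and Follow-up Procedure sections can be checked offline before a key schedule is pushed to a device. The sketch below is an added example, not vendor code: it audits an absolute-mode schedule for a name outside 1 to 47 characters, more than 64 key IDs, and time gaps in which no key ID is valid. The dictionary layout, function names, keychain name and sample dates are assumptions made for illustration.

```python
from datetime import datetime

MAX_KEY_IDS = 64          # from the page: at most 64 key IDs per keychain
NAME_LEN = range(1, 48)   # from the page: name is 1 to 47 characters

def find_gaps(windows):
    """Return (gap_start, gap_end) intervals between the first start and the
    last end during which no key ID is valid."""
    gaps, covered_until = [], None
    for start, end in sorted(windows):
        if covered_until is not None and start > covered_until:
            gaps.append((covered_until, start))
        covered_until = end if covered_until is None else max(covered_until, end)
    return gaps

def audit_keychain(name, keys):
    """keys: {key_id: (start, end)} for an absolute-mode keychain (hypothetical
    layout). Returns a list of findings; an empty list means no issue found."""
    findings = []
    if len(name) not in NAME_LEN:
        findings.append(f"name length {len(name)} outside 1-47")
    if len(keys) > MAX_KEY_IDS:
        findings.append(f"{len(keys)} key IDs exceeds {MAX_KEY_IDS}")
    for key_id, (start, end) in keys.items():
        if start >= end:
            findings.append(f"key ID {key_id}: empty or inverted window")
    # Only well-formed windows count towards coverage.
    valid = [w for w in keys.values() if w[0] < w[1]]
    for gap_start, gap_end in find_gaps(valid):
        findings.append(f"no valid key ID from {gap_start} to {gap_end}")
    if not valid:
        findings.append("no key ID has a validity period")
    return findings

# Constructed sample schedule: key ID 2 starts one day after key ID 1 ends.
SAMPLE = {
    1: (datetime(2024, 1, 1), datetime(2024, 4, 1)),
    2: (datetime(2024, 4, 2), datetime(2024, 7, 1)),
    3: (datetime(2024, 6, 24), datetime(2024, 10, 1)),
}

if __name__ == "__main__":
    for finding in audit_keychain("ospf-area0", SAMPLE):
        print(finding)
```

Overlapping windows, as between key IDs 2 and 3 in the sample, leave no gap; a gap is a period in which protocol packets cannot be authenticated.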