Q. How does one generate authentication keys (MD5/SHA) as well as Privacy Key (DES/AES) for SNMPV3 devices?.
A #1. The Easy Way. On a typical SNMP agent (e.g. Net-SNMP, most modern networking equipment), you configure the auth and privacy keys as ASCII strings in a configuration file. You type these same ASCII keys into InterMapper and then the SNMPv3 connection "just works". For most situations and most network equipment (Cisco and many, many others), this procedure (also described in the InterMapper and SNMPv3 tech note) will work.
A #2. The Harder Way. Some equipment requires you to convert the ASCII key into an internal format. The ASCII key is first converted into a "block" key by running the ASCII key through a one-way hashing function several times. Then, this "block key" is combined with the unique SNMPv3 engineID of the target device to produce a "Localized Key". This localized key is different for each device, and it's the key that is actually used to authenticate/encrypt SNMPv3 payloads.
If your equipment cannot convert the original ASCII keys to the proper internal form, you will have to use the procedure described below.
Contact your vendor to find out how to compute the Localized Key and/or the Block Key that you will need to enter into the Set Probe window. (InterMapper does not provide a facility for creating these internal formats.)
To enter a "Localized Key" into InterMapper, enter the password using this format:
| Code: |
| L:0xHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH |
H is a hexadecimal digit. For MD5, there must be exactly 32 hexadecimal digits. For SHA1, there must be exactly 40 hexadecimal digits.
To enter a "Block Key", enter the password into InterMapper using this format:
| Code: |
| N:0xHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH |
(The N stands for non-localized key. This key will still run through the localization step described above.)
