Master Password for Configuration Encryption
Junos OS supports encryption method for configuration secrets using a master password. The master password derives an encryption key that uses AES256-GCM to protect certain secrets such as private keys, system master passwords, and other sensitive data by storing it in an AES256 encrypted format. For more information, read this topic.
Hardening Shared Secrets in Junos OS
Understanding Hardening Shared Secrets
Existing shared secrets ($9$ format) in Junos OS currently use an obfuscation algorithm, which is not a very strong encryption for configuration secrets. If you want a strong encryption for your configuration secrets, you can configure a master password. The master password is used to derive an encryption key that is used with AES256-GCM to encrypt configuration secrets. This new encryption method uses the $8$ formatted strings.
Starting with Junos OS Release 15.1X49-D50, new CLI commands are introduced to configure a system master password to provide stronger encryption for configuration secrets. The master password encrypts secrets like the RADIUS password, IKE preshared keys, and other shared secrets in the Junos OS management process (mgd) configuration. The master password itself is not saved as part of the configuration. The password quality is evaluated for strength, and the device gives feedback if weak passwords are used.
The master password is used as input to the password based key derivation function (PBKDF2) to generate an encryption key. the key is used as input to the Advanced Encryption Standard in Galois/Counter Mode (AES256-GCM). The plain text that the user enters is processed by the encryption algorithm (with key) to produce the encrypted text (cipher text). See Figure 1
The $8$ configuration secrets can only be shared between devices using the same master password.
The $8$-encrypted passwords have the following format:
$8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted. See Table 1 for the master password format details.
Table 1: $8$-encrypted Password Format
Encryption/decryption algorithm to be used. Currently only AES256-GCM is supported.
Hash (prf) algorithm to be used for the PBKDF2 key derivation.
The number of iterations to use for the PBKDF2 hash function. Current iteration-count default is 100. The iteration count slows the hashing count, thus slowing attacker guesses.
Sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used to salt (a random, but known string) the password and input to the PBKDF2 key derivation.
A sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used as initialization vector for the AES256-GCM encryption function.
ASCII64-encoded representation of the tag.
ASCII64-encoded representation of the encrypted password.
The ASCII64 encoding is Base64 (RFC 4648) compatible, except
no padding (character “=”) is used to keep the strings
short. For example: $8$aes256-gcm$hmac-sha2-256$100$y/4YMC4YDLU$fzYDI4jjN6YCyQsYLsaf8A$Ilu4jLcZarD9YnyD
Chassis Cluster Considerations
When defining a chassis cluster on SRX Series devices, be aware of the following restrictions:
For SRX Series devices, first configure the master password on each node, and then build the cluster. The same master password should be configured on each node.
In chassis cluster mode, the master password cannot be deleted.
A change in the master password would mean disruption in chassis clustering; therefore you must change the password on both nodes independently.
Using Trusted Platform Module to Bind Secrets on SRX Series Devices
By enabling the Trusted Platform Module (TPM) on the SRX Series devices, the software layer leverages the use of the underlying TPM chip. TPM is a specialized chip that protects certain secrets at rest such as private keys, system master passwords, and other sensitive data by storing it in an AES256 encrypted format (instead of storing sensitive data in a clear text format). The device also generates a new SHA256 hash of the configuration each time the administrator commits the configuration. This hash is verified each time the system boots up. If the configuration has been tampered with, the verification fails and the device will not continue to boot. Both the encrypted data and the hash of the configuration is protected by the TPM module using the master encryption password.
Hash validation is performed during any commit operation by performing a validation check of the configuration file against the saved hash from previous commits. In a chassis cluster system, hash is independently generated on the backup system as part of the commit process. A commit from any mode, that is, batch-config, dynamic-config, exclusive-config, or private config generates the integrity hash.
Hash is saved only for the current configuration and not for any rollback configurations. Hash is not generated during reboot or shutdown of the device.
The TPM encrypts the following secrets:
SHA256 hash of the configuration
all key-pairs on the device
The TPM chip is available on the SRX300, SRX320, SRX340, SRX345, SRX5400, SRX5600, and SRX5800 devices. On SRX5400, SRX5600, and SRX5800 devices, TPM is supported only with SRX5K-RE3-128G Routing Engine (RE3). The TPM chip is enabled by default to make use of TPM functionality. You must configure master encryption password to encrypt PKI key-pairs and configuration hash. To configure master encryption password, see Configuring Master Encryption Password.
The following limitations and exceptions apply to the configuration file integrity feature using TPM:
This feature is supported only on the SRX300, SRX320, SRX340, SRX345, SRX5400, SRX5600, and SRX5800 devices. On SRX5400, SRX5600, and SRX5800 devices, TPM is supported only with RE3.
If the master encryption password is not set, data is stored unencrypted.
The file integrity feature is not supported along with the configuration file encryption feature that uses keys saved in EEPROM. You can enable only one function at a time.
In a chassis cluster, both nodes must have the same TPM settings. This means that both nodes in the chassis cluster must have TPM enabled, or both nodes in the chassis cluster must have TPM disabled. The chassis cluster must not have one node set to TPM enabled and the another node set to TPM disabled.
Configuring Master Encryption Password
Before configuring master encryption password, ensure that you have configured set system master-password plain-text-password otherwise, certain sensitive data will not be protected by the TPM.
Set the master encryption password using the following CLI command:
request security tpm master-encryption-password set plain-text-password
You will be prompted to enter the master encryption password twice, to make sure that these passwords match. The master encryption password is validated for required password strength.
After master encryption password is set, the system proceeds to encrypt the sensitive data with the master encryption password which is encrypted by the Master Binding Key that is owned and protected by the TPM chip.
If there is any issue with setting the master encryption password, a critical ERROR message is logged on the console and the process is aborted.
Verifying the Status of the TPM
You can use the show security tpm status command to verify the status of the TPM. The following information is displayed:
TPM’s Master Binding Key status (created or not created)
master encryption password status (set or not set)
Starting with Junos OS Release 15.1X49-D120 and Junos OS Release 17.4R1, Trusted Platform Module (TPM) firmware has been updated. The upgraded firmware version provides additional secure cryptography and improves security. Updated TPM firmware is available along with the Junos OS package. For updating TPM Firmware, see Upgrading TPM Firmware on SRX-Devices. To confirm the TPM firmware version, use the show security tpm status command. TPM Family and TPM Firmware version output fields are introduced.
Changing the Master Encryption Password
Changing the master encryption password is done using the CLI.
To change the master encryption password, enter the following command from operational mode:
request security tpm master-encryption-password set plain-text-password
It is recommended that no configuration changes are made while you are changing the master encryption password.
The system checks if the master encryption password is already configured. If master encryption password is configured, then you are prompted to enter the current master encryption password.
The entered master encryption password is validated against the current master encryption password to make sure these master encryption passwords match. If the validation succeeds, you will be prompted to enter the new master encryption password as plain text. You will be asked to enter the key twice to validate the password.
The system then proceeds to re-encrypt the sensitive data with the new master encryption password. You must wait for this process of re-encryption to complete before attempting to change the master encryption password again.
If for some reason, the encrypted master encryption password file is lost or corrupted, the system will not be able to decrypt the sensitive data. The system can only be recovered by re-importing the sensitive data in clear text, and re-encrypting them.
If the system is compromised, the administrator can recover the system using of the following method:
Clear the TPM ownership in u-boot and then install the image in boot loader using TFTP or USB (if USB port is not restricted).
If the installed software version is older than Junos OS Release 15.1X49-D110 and the master encryption password is enabled, then installation of Junos OS Release 15.1X49-D110 will fail. You must backup the configuration, certificates, key-pairs, and other secrets and use the TFTP/USB installation procedure.