A symmetric session key (3DES) is generated in the Routing Engine every time the Routing Engine or AS II FIPS PIC is rebooted. This session key is encrypted and signed with an RSA key pair and pushed to the PIC. IPSec SA keys are sent to the PIC encrypted with the session key. To maintain the cryptographic boundary, core dumps are disabled in the AS II FIPS PIC. You can return the PIC to the “factory-shipped” state by zeroizing it.
Before you remove an authorized AS II FIPS PIC from the system, you should zeroize the PIC with the request services fips zeroize command:
crypto-officer@host> request services fips zeroize pic fpc-slot 2 pic-slot 0
Zeroization command sent to the PIC. Please check logs for the result.
Note that once the command is issued and the cryptographic boundary around the AS II FIPS PIC is broken, the result can no longer be reported directly to the user. You should allow about 40 seconds to zeroize an AS II FIPS PIC.
You cannot zeroize all installed AS II FIPS PICs at once. They must be zeroized one at a time. You also cannot zeroize an installed AS II FIPS PIC that has not been authorized:
crypto-officer@host> request services fips zeroize pic fpc-slot 2 pic-slot 2
Command failed as PIC sp-2/2/0 is not authorized yet.