encryption
Syntax
encryption {algorithm algorithm;key (ascii-text key | hexadecimal key);}
Hierarchy Level
Release Information
Statement introduced before Junos OS Release 7.4.
aes-128-cbc, aes-192-cbc, and aes-256-cbc options added in Junos OS Release 7.6.
Description
Configure an encryption algorithm and key for manual SA.
Options
algorithm—Type of encryption algorithm. The algorithm can be one of the following:
- des-cbc—Has a block size of 8 bytes (64 bits); the key size is 48 bits long.
- 3des-cbc—Has a block size of 8 bytes (64 bits); the key size is 192 bits long.
- aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
- aes-192-cbc—Advanced Encryption Standard (AES) 192-bit encryption algorithm.
- aes-256-cbc—Advanced Encryption Standard
(AES) 256-bit encryption algorithm.
Note: For 3des-cbc, the first 8 bytes should differ from the second 8 bytes, and the second 8 bytes should be the same as the third 8 bytes.
key—Type of encryption key. The key can be one of the following:
- ascii-text—ASCII text key. Following are
the key lengths, in ASCII characters, for the different encryption
options:
- des-cbc option, 8 ASCII characters
- 3des-cbc option, 24 ASCII characters
- aes-128-cbc option, 16 ASCII characters
- aes-192-cbc option, 24 ASCII characters
- aes-256-cbc option, 32 ASCII characters
- hexadecimal—Hexadecimal key. Following
are the key lengths, in hexadecimal characters, for the different
encryption options:
- des-cbc option, 16 hexadecimal characters
- 3des-cbc option, 48 hexadecimal characters
- aes-128-cbc option, 32 hexadecimal characters
- aes-192-cbc option, 48 hexadecimal characters
- aes-256-cbc option, 64 hexadecimal characters
Usage Guidelines
See Configuring Encryption for a Manual IPsec SA.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
