Cisco Cisco ASR 5000
IPSec Transform Set Configuration Mode Commands
▀ hmac
▄ Command Line Interface Reference, StarOS Release 18
6654
sha2-256-128
HMAC-SHA-256 uses a 256-bit secret key and produces a 128-bit authenticator value.
sha2-384-192
HMAC-SHA-384 uses a 384-bit secret key and produces a 192-bit authenticator value.
sha2-512-256
HMAC-SHA-512 uses a 512-bit secret key and produces a 256-bit authenticator value.
Usage
HMAC is an encryption technique used by IPsec to make sure that a message has not been altered.
A keyed-Hash-based Message Authentication Code (HMAC), is a type of message authentication code that is
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
A keyed-Hash-based Message Authentication Code (HMAC), is a type of message authentication code that is
calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
Example
The following command configures the default HMAC value (SHA1-96):
default hmac