Cisco ASR 5000 Troubleshooting Guide

ASR5x00 Backing up .chassisid file (chassis ID) on StarOS releases 20 and Higher
 
Contents
Introduction
Background Information
Problem: Insufficient to back up chassis key value to run for same configuration on the same node.
Solution
Introduction
This document describes how to back up the .chassisid file (chassis ID) on StarOS releases 20 and
higher.
Background Information
The chassis key is used to encrypt and decrypt encrypted passwords in the configuration file. If
two or more chassis are configured with the same chassis key value, the encrypted passwords
can be decrypted by any of the chassis sharing the same chassis key value. As a corollary to this,
a given chassis key value cannot decrypt passwords that were encrypted with a different chassis
key value.
The chassis key is used to generate the chassis ID, which is stored in a file and is used as the
master key for protecting sensitive data (such as passwords and secrets) in configuration files.
For release 15.0 and higher, the chassis ID is an SHA256 hash of the chassis key. The chassis
key can be set by users through a CLI command or via the Quick Setup Wizard. If the chassis ID
does not exist, a local MAC address is used to generate the chassis ID.
For release 19.2 and higher, the user must explicitly set the chassis key through the Quick Setup
Wizard or CLI command. If it is not set, a default chassis ID using the local MAC address is
generated. In the absence of a chassis key (and hence the chassis ID), sensitive data does not
appear in a saved configuration file.
The chassis ID is the SHA256 hash (encoded in base36 format) of the user-entered chassis
key plus a 32-byte secure random number. This assures that the chassis key and chassis ID
have 32-byte entropy for key security.
If a chassis ID is not available, encryption and decryption for sensitive data in configuration files do
not work.
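The two derivations described above can be compared in a short model. This is an added example, not StarOS code. It shows why re-entering a backed-up chassis key does not regenerate the same chassis ID once a random number is mixed in. The byte layout (UTF-8 key followed by the random bytes), the base36 digit alphabet and all function names are assumptions.

```python
import hashlib
import secrets
from typing import Callable, Optional

DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"  # assumed base36 alphabet


def base36(data: bytes) -> str:
    """Encode a byte string as a base36 number."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out or "0"


def id_from_key_only(chassis_key: str) -> str:
    """Model: chassis ID = SHA256(chassis key)."""
    return base36(hashlib.sha256(chassis_key.encode("utf-8")).digest())


def id_from_key_and_random(chassis_key: str, rand: Optional[bytes] = None) -> str:
    """Model: chassis ID = SHA256(chassis key + 32 secure random bytes)."""
    rand = secrets.token_bytes(32) if rand is None else rand
    if len(rand) != 32:
        raise ValueError("random component must be 32 bytes")
    # Assumed layout: key bytes followed by the random bytes.
    return base36(hashlib.sha256(chassis_key.encode("utf-8") + rand).digest())


def key_backup_is_enough(derive: Callable[[str], str], chassis_key: str) -> bool:
    """True if re-entering the same key regenerates the same chassis ID."""
    original = derive(chassis_key)      # ID the saved config was encrypted under
    regenerated = derive(chassis_key)   # ID after re-entering the backed-up key
    return original == regenerated


if __name__ == "__main__":
    key = "constructed-example-key"  # constructed sample value
    print("key only:    ", key_backup_is_enough(id_from_key_only, key))
    print("key + random:", key_backup_is_enough(id_from_key_and_random, key))
```

In the model with the random component, the regenerated ID differs from the original, so the stored chassis ID itself has to be preserved to decrypt an existing configuration.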
Problem: Insufficient to back up chassis key value to run for same configuration on the same node.