Cisco Cisco Packet Data Gateway (PDG)
sha1-96
SHA-1 uses a 160-bit secret key and produces a 160-bit authenticator value. This is the default setting for this
command.
command.
sha2-256-128
HMAC-SHA-256 uses a 256-bit secret key and produces a 128-bit authenticator value.
sha2-384-192
HMAC-SHA-384 uses a 384-bit secret key and produces a 192-bit authenticator value.
sha2-512-256
HMAC-SHA-512 uses a 512-bit secret key and produces a 256-bit authenticator value.
Usage Guidelines
HMAC is an encryption technique used by IPsec to make sure that a message has not been altered.
A keyed-Hash-based Message Authentication Code (HMAC), is a type of message authentication code that
is calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
is calculated using a cryptographic hash function in combination with a secret key to verify both data integrity
and message authenticity. A hash takes a message of any size and transforms it into a message of a fixed size:
the authenticator value. This is truncated to 96 bits and transmitted. The authenticator value is reconstituted
by the receiver and the first 96 bits are compared for a 100 percent match.
Examples
The following command configures the default HMAC value (SHA1-96):
default hmac
default hmac
Command Line Interface Reference, Modes I - Q, StarOS Release 19
100
IPSec Transform Set Configuration Mode Commands
hmac