encryption (Junos OS)
Syntax
encryption {
algorithm (des-cbc | 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc);
key (ascii-text key | hexadecimal key);
}
Hierarchy Level
[edit security ipsec security-association sa-name manual direction (inbound | outbound | bidirectional)]
Description
Configure an encryption algorithm and key for a manual Security Association.
Options
algorithm—Type of encryption algorithm. It can be one
of the following:
des-cbc—Has a block size of 8 bytes (64 bits); its key size is 48 bits long.3des-cbc—Has block size of 8 bytes (64 bits); its key size is 192 bits long.Note:For
3des-cbc, we recommend that the first 8 bytes be different from the second 8 bytes, and the second 8 bytes be the same as the third 8 bytes.aes-128-cbc—Has a block size of 128 bits; its key size is 128 bits long.aes-192-cbc—Has a block size of 128 bits; its key size is 192 bits long.aes-256-cbc—Has a block size of 128 bits; its key size is 256 bits long.Note:The
aes-*-cbcalgorithms support both IKE and IPsec configurations at the[security]hierarchy level.
key—Type of encryption key. It can be one of the following:
ascii-text—ASCII text key. For thedes-cbcoption, the key contains 8 ASCII characters; for3des-cbc, the key contains 24 ASCII characters.
hexadecimal—Hexadecimal key. For thedes-cbcoption, the key contains 16 hexadecimal characters; for the3des-cbcoption, the key contains 48 hexadecimal characters.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
aes-128-cbc, aes-192-cbc, and aes-256-cbc algorithm options added in Junos OS Release 15.1.