Encrypt and Decrypt Configuration Files
You store configuration data and sensitive network information in configuration files. Encrypting configuration files enables you to secure the information they store. Decrypting means disabling the encryption of configuration files on a device and making the files readable to all.
Encryption features are not available on all Juniper Networks devices. If these features are not available on one or more of your devices, the Junos OS CLI encryption-related commands described in this topic may be hidden or may not function. See your hardware documentation for details.
Encrypt Configuration Files
To encrypt configuration files on a Juniper Networks device, you need an encryption key. You configure an encryption key in EEPROM and determine which encryption process is appropriate for your network.
To configure an encryption key, select the most appropriate request system set-encryption-key command in operational mode, as described in the following table.
| CLI Command | Description |
|---|---|
| | Sets the encryption key and enables default configuration file encryption: |
| | Sets the encryption key and specifies configuration file encryption by DES. |
| | Sets the encryption key and enables default configuration file encryption with a unique encryption key that includes the chassis serial number of the device. When you encrypt configuration files with the unique key, you can decrypt the files on the current device only. You cannot copy encrypted configuration files to another device and decrypt them. |
| | Sets the encryption key and specifies configuration file encryption by DES with a unique encryption key. |
To encrypt configuration files on a device:
Decrypt Configuration Files
Decrypting configuration files means disabling the file encryption on a device, which makes the files readable to all.
To disable the encryption of configuration files on a device:
Modify the Encryption Key
When you modify the encryption key, the configuration files are decrypted and then reencrypted with the new encryption key.
To modify the encryption key: