Avaya Configuring Data Encryption Services User Manual download pdf (Page 24)

Configuring Data Encryption Services

1-8

303520-A Rev. 00

The key manager uses an RNG to generate LTSSs, and you specify a name for

each of these values. After you create a file of LTSS keys, you assign the same key

to each end of a secure circuit.

Master Encryption Key (MEK)

The MEK encrypts the Traffic Encryption Key (TEK). The LTSS for a circuit,

combined with the current time, is the source of its MEK. You do not actually

generate, enter, or view the MEK. The WEP software automatically calculates this

value. Like the LTSS, the MEK must be the same on each end of a link.

The value of an individual MEK periodically changes according to the value of

the MEK Change parameter.

For the encryption software to generate identical MEKs, and for the MEKs to

remain identical on both sides of a link as their values change, they must change at

approximately the same time. That can only happen if:

• The MEK Change parameter is set to the same value on each end of a link.

For more information, see the description of this parameter on page A-3

• The clocks on both routers are synchronized. For further information about

router clocks in relation to encryption, see the section “Synchronizing Router

Clocks” on page 2-2

Traffic Encryption Key (TEK)

The TEK encrypts the data that travels across the network. The RNG on a

transmitting router creates the TEK. WEP then encrypts the TEK, using the MEK.

At the receiving router, WEP decrypts the TEK, and uses it to decrypt the data.

The TEK that the standard encryption software generates is 40 bits long. The

strong encryption option (SEO) can generate both 40-bit and 56-bit TEKs.

Note:

Store the files of NPKs and LTSSs on removable media, such as floppy

disks, and store that media in a safe place.

1 2 ... 19 20 21 22 23 24 25 26 27 28 29 ... 69 70

No comments

Avaya Configuring Data Encryption Services User Manual Page 24