man pages section 1: User Commands

Exit Print View

Updated: July 2014

encode_keychange (1)


encode_keychange - produce the KeyChange string for SNMPv3


encode_keychange -t md5|sha1 [OPTIONS]


Net-SNMP                                      encode_keychange(1)

     encode_keychange - produce the KeyChange string for SNMPv3

     encode_keychange -t md5|sha1 [OPTIONS]

     encode_keychange  produces  a KeyChange string using the old
     and new passphrases as described in Section 5  of  RFC  2274
     "User-based Security Model (USM) for version 3 of the Simple
     Network Management Protocol (SNMPv3)". -t option  is  manda-
     tory and specifies the hash transform type to use.

     The  transform  is  used to convert passphrase to master key
     for a given user (Ku), convert master key to  the  localized
     key (Kul), and to hash the old Kul with the random bits.

     Passphrases  are  obtained  by examining a number of sources
     until success (in order listed):

          command line options (see -N and -O options below);

          the file $HOME/.snmp/passphrase.ek  which  should  only
          contain two lines with old and new passphrase;

          standard input -or-  user input from the terminal.

     -E [0x]<engineID> EngineID used for Kul generation.
          <engineID> is intepreted as a hex string when preceeded
          by 0x, otherwise it is treated as a text string. If  no
          <engineID>  is  specified,  it  is constructed from the
          first IP address for the local host.

     -f   Force passphrases to be read from standard input.

     -h   Display the help message.

     -N "<new_passphrase>"
          Passphrase used to generate the new Ku.

     -O "<old_passphrase>"
          Passphrase used to generate the old Ku.

     -P   Turn off the prompt for passphrases when  getting  data
          from standard input.

     -v   Be verbose.

     -V   Echo passphrases to terminal.

V5.4.1               Last change: 16 Nov 2006                   1

Net-SNMP                                      encode_keychange(1)

     See   attributes(5)   for   descriptions  of  the  following

     |ATTRIBUTE TYPE |               ATTRIBUTE VALUE                 |
     |Availability   | system/management/snmp/net-snmp/documentation |
     |Stability      | Volatile                                      |
     The localized key method is defined in  RFC  2274,  Sections
     2.6 and A.2, and originally documented in

          U.  Blumenthal,  N. C. Hien, B. Wijnen, "Key Derivation
          for Network Management Applications", IEEE Network Mag-
          azine, April/May issue, 1997.

     This   software   was   built   from   source  available  at   The   original
     community       source       was       downloaded       from

     Further  information about this software can be found on the
     open source community website at

V5.4.1               Last change: 16 Nov 2006                   2