Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Wednesday, February 9, 2022

encode_keychange (1)


encode_keychange - produce the KeyChange string for SNMPv3


encode_keychange -t md5|sha1 [OPTIONS]


encode_keychange(1)                Net-SNMP                encode_keychange(1)

       encode_keychange - produce the KeyChange string for SNMPv3

       encode_keychange -t md5|sha1 [OPTIONS]

       encode_keychange  produces  a  KeyChange  string  using the old and new
       passphrases as described in Section 5 of RFC 2274 "User-based  Security
       Model  (USM)  for  version  3 of the Simple Network Management Protocol
       (SNMPv3)". -t option is mandatory and specifies the hash transform type
       to use.

       The  transform  is used to convert passphrase to master key for a given
       user (Ku), convert master key to the localized key (Kul), and  to  hash
       the old Kul with the random bits.

       Passphrases are obtained by examining a number of sources until success
       (in order listed):

              command line options (see -N and -O options below);

              the file $HOME/.snmp/passphrase.ek which should only contain two
              lines with old and new passphrase;

              standard input -or-  user input from the terminal.

       -E [0x]<engineID> EngineID used for Kul generation.
              <engineID>  is  intepreted  as a hex string when preceded by 0x,
              otherwise it is treated as a text string. If  no  <engineID>  is
              specified,  it  is constructed from the first IP address for the
              local host.

       -f     Force passphrases to be read from standard input.

       -h     Display the help message.

       -N "<new_passphrase>"
              Passphrase used to generate the new Ku.

       -O "<old_passphrase>"
              Passphrase used to generate the old Ku.

       -P     Turn off the prompt for passphrases when getting data from stan-
              dard input.

       -v     Be verbose.

       -V     Echo passphrases to terminal.

       See attributes(7) for descriptions of the following attributes:

       |ATTRIBUTE TYPE |        ATTRIBUTE VALUE          |
       |Availability   | system/management/snmp/net-snmp |
       |Stability      | Volatile                        |

       The  localized key method is defined in RFC 2274, Sections 2.6 and A.2,
       and originally documented in

              U. Blumenthal, N. C. Hien, B. Wijnen, "Key Derivation  for  Net-
              work  Management Applications", IEEE Network Magazine, April/May
              issue, 1997.

       Source code for open source software components in Oracle  Solaris  can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-

       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source  was  downloaded   from    https://sourceforge.net/projects/net-

       Further information about this software can be found on the open source
       community website at http://www.net-snmp.org/.

V5.8                              16 Nov 2006              encode_keychange(1)