cryptomode command
Use this command to display and configure the compliance mode with the exceptions for encryption.
The following table shows the arguments for the options.
Option | Description | Values |
---|---|---|
-set | Select the compliance mode | basic, NIST1 |
-esnmpv3 | Allow or disallow SNMPv3 accounts to operate in a non-compliant manner with the NIST compliance mode | enable, disable |
-h | List the usage and options | |
|
Syntax:
cryptomode [<em className="ph i">options</em>]
options:
-set <em className="ph i">basic|nist</em>
-esnmpv3 <em className="ph i">enabled|disabled</em>
-h <em className="ph i">usage_options</em>
Examples:
To set the cryptomode to basic, type the following command:
system> cryptomode
-set basic
ok
system> cryptomode
Mode Exceptions
Basic Compatibility
system>
To set the cryptomode to NIST Strict, type following command:
system> cryptomode
-set NIST
ok
system> cryptomode
Mode Exceptions
NIST SP 800-131A
system>
To set the cryptomode to NIST Strict and allow SNMP in the compatible mode, type following command:
system> cryptomode
-set NIST -esnmpv3 enabled
ok
system> cryptomode
Mode Exceptions
NIST SP 800-131A allow SNMPv3 accounts
system>
If there are certificates or key strengths that are not compatible with the NIST mode; the command fails and an error message is generated. The compliance mode is not changed See the following example:
system> cryptomode
-set NIST
LDAP Server 1 certificate invalid
fail
system>
Give feedback