User Manuals : DIRAC User Manual : DIRAC Functional Description : DIRAC Key Management
Hitachi Energy
DIRAC Key Management
Master Keys are used by the SENC1 Crypto Engines to encrypt the Session Keys. Master Keys are generated by the Quantis USB device attached to the DIRAC server, and distributed to the SENC1 Crypto Engines. For the installation of the Quantis device please refer to [1KHW029081] User Manual “DIRAC - DIRAC Server Installation”.
The Quantis USB device is connected to the DIRAC server. Master Keys are generated and distributed whenever FOXMAN-UN deploys an encrypted segment/tunnel, or on DIRAC user request.
When a new Master Key for a specific LSP is requested the following operations are performed:
The MPLS Manager checks the existence of the LSP.
The MPLS Manager gets the list of endpoints corresponding to this LSP.
The MPLS Manager requests a new Master Key from the Quantis USB device.
The MPLS Manager distributes the new Master Key to the Crypto Engines according to Figure Master Key distribution and activation.
The MPLS Manager gives back the result to the user.
Master Key distribution and activation
The Quantis USB device is supervised by the DIRAC server. The Quantis USB status is checked every minute by the DIRAC server. A QRNG alarm is raised …
if the Quantis USB device is not available, or
if the Quantis USB device does not deliver a new Master Key on request.