I have written about the SNMPv3 engine ID a few times on this blog, but I had never properly looked into what the engine ID is actually used for.
So this time I checked the RFCs, and it turns out that in SNMPv3 communication the engine ID is used in producing the keys for authentication and encryption (decryption).
https://tools.ietf.org/html/rfc3414#section-2.6
2.6. Key Localization Algorithm.

A localized key is a secret key shared between a user U and one
authoritative SNMP engine E. Even though a user may have only one
password and therefore one key for the whole network, the actual
secrets shared between the user and each authoritative SNMP engine
will be different. This is achieved by key localization [Localized-key].
First, if a user uses a password, then the user's password is
converted into a key Ku using one of the two algorithms described in
Appendices A.2.1 and A.2.2.

★To convert key Ku into a localized key Kul of user U at the
authoritative SNMP engine E, one appends the snmpEngineID of the
authoritative SNMP engine to the key Ku and then appends the key Ku
to the result, thus enveloping the snmpEngineID within the two copies
of user's key Ku. Then one runs a secure hash function (which one
depends on the authentication protocol defined for this user U at
authoritative SNMP engine E; this document defines two authentication
protocols with their associated algorithms based on MD5 and SHA).
The output of the hash-function is the localized key Kul for user U
at the authoritative SNMP engine E.
Incidentally, as stated above, Appendices A.2.1 and A.2.2 of RFC 3414 give example algorithms for generating a key based on the engine ID.
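As an added worked example (not part of the original post), here is the two-step derivation described above in Python with only the standard hashlib: the password is expanded to Ku per Appendix A.2, then Kul = H(Ku || snmpEngineID || Ku) per section 2.6. The password "maplesyrup" and engine ID 00..02 are the test vector published in RFC 3414 Appendix A.3; the "..03" engine ID is a constructed value to show that the same password gives a different key on another engine.

```python
import hashlib

# RFC 3414 Appendix A.2: the password is repeated cyclically until
# 1,048,576 octets have been fed to the hash, to slow down guessing.
EXPANSION_OCTETS = 1048576


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Ku: the user's network-wide key (A.2.1 for md5, A.2.2 for sha1)."""
    if not password:
        raise ValueError("password must not be empty")
    repeats = EXPANSION_OCTETS // len(password) + 1
    expanded = (password * repeats)[:EXPANSION_OCTETS]  # may cut mid-password
    return hashlib.new(hash_name, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku), the secret shared with ONE engine
    (RFC 3414 section 2.6). The engine ID is enveloped between two copies of Ku."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key_from_password(password: bytes, engine_id: bytes,
                                hash_name: str = "md5") -> bytes:
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


if __name__ == "__main__":
    pw = b"maplesyrup"                                    # RFC 3414 A.3 vector
    engine_a = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 vector
    engine_b = bytes.fromhex("000000000000000000000003")  # constructed
    print("Ku  (md5):", password_to_key(pw, "md5").hex())
    print("Kul (md5, engine 02):", localized_key_from_password(pw, engine_a).hex())
    print("Kul (md5, engine 03):", localized_key_from_password(pw, engine_b).hex())
    print("Kul (sha1, engine 02):", localized_key_from_password(pw, engine_a, "sha1").hex())
```

Because Kul depends on the snmpEngineID, a key captured from one agent cannot be replayed against another, and an agent whose engine ID changes (for example after re-imaging) will stop authenticating the same password until its localized keys are regenerated.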
〇 References