Manual Chapter :
Comparison of unit and master keys
Applies To:
Show Versions
BIG-IP LTM
- 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP DNS
- 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Comparison of unit and master keys
The Secure Vault feature provides security through the use of
two cryptographic keys: the unit key and the master key.
The BIG-IP system stores the
master key
in its file system and the mcpd process uses it
to encrypt and decrypt passwords and passphrases when loading BIG-IP system
configuration files. The following table shows the important properties for
each key type.Unit key | Master key |
|---|---|
Encrypts and decrypts
the master key | Encrypts and decrypts
passwords and passphrases for BIG-IP or BIG-IQ
configuration objects. |
Is unique to each
BIG-IP or BIG-IQ system | Is shared between all
high-availability (HA) BIG-IP systems configured
as members of a Device Service Clustering (DSC)
device group |
Is a symmetric AES256
key | Is a symmetric AES128
key |
