Manual Chapter : Comparison of unit and master keys

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0

BIG-IP DNS

  • 17.0.0, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

Comparison of unit and master keys

The Secure Vault feature provides security through the use of two cryptographic keys: the unit key and the master key.
The BIG-IP system stores the
master key
in its file system and the mcpd process uses it to encrypt and decrypt passwords and passphrases when loading BIG-IP system configuration files. The following table shows the important properties for each key type.
Unit key
Master key
Encrypts and decrypts the master key
Encrypts and decrypts passwords and passphrases for BIG-IP or BIG-IQ configuration objects.
Is unique to each BIG-IP or BIG-IQ system
Is shared between all high-availability (HA) BIG-IP systems configured as members of a Device Service Clustering (DSC) device group
Is a symmetric AES256 key
Is a symmetric AES128 key