Updated on 2022-04-02 GMT+08:00

Configuring a Pre-Shared Password

Context

If the EK certificate is not preinstalled on the device before delivery, the user sends a challenge value request to the Certificate Authority Service through the remote attestation (RA) client using the privacy CA protocol, and sets a pre-shared password on both the Certificate Authority Service and the remote attestation client for message authentication. The user logs in to the remote attestation client and uses the privacy CA protocol to send a certificate application request to the Certificate Authority Service. The request contains information such as the CA name, certificate profile name, subject information, and challenge value. After obtaining the request, the Certificate Authority Service checks whether the challenge value has expired and verifies the AK public key information. If the verification is successful, the Certificate Authority Service issues the EK certificate.

A user uses the RA client to send a challenge value request to the Certificate Authority Service using the privacy CA protocol and imports the EK trust certificate chain. The request contains the public AK and EK certificate. After receiving the request, the Certificate Authority Service verifies the public AK information and uses the imported EK trust certificate chain to verify the EK certificate. If the verification is successful, the Certificate Authority Service returns the encrypted challenge value. The user then uses the RA client to send a certificate application request to the Certificate Authority Service using the privacy CA protocol. The request contains the CA name, certificate profile name, subject information, and challenge value. After receiving the request, the Certificate Authority Service checks whether the challenge value has expired and verifies the public AK information. If the verification is successful, the Certificate Authority Service issues the AK certificate.

Procedure

  1. Choose System > About > Certificate Authority Service from the main menu.
  2. Choose Protocol Configuration > Privacy CA Protocol from the navigation tree on the left.
  3. On the Pre-Shared Password Configuration tab page, click Add and set the parameters required for the pre-shared password.

    For detailed parameter descriptions, see Table 1.

    Table 1 Pre-shared password parameters

    | Parameter | Description | Value |
    |---|---|---|
    | Label | You can customize the name of a pre-shared password to distinguish different passwords. | The name is a string of 1 to 45 characters containing letters, digits, underscores (_), and hyphens (-). The name cannot be null or all (case insensitive). |
    | Pre-shared password | Customize a pre-shared password for message integrity protection and identity authentication during message authentication. | The password must be a string of 12 to 128 characters that contain at least three types of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain three or more of the same characters consecutively. A maximum of 16 pre-shared passwords can be configured. |
    | Associated CA | Select an associated CA and configure the pre-shared password for verifying the challenge request. | N/A |

  4. After the configuration is complete, click Submit.
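
The label and password rules in Table 1 can be checked, and a compliant random password generated, before the values are entered on the configuration page. The following Python is an added example, not part of the product or its documentation; the function names are hypothetical, and treating "special characters" as ASCII punctuation is an assumption because the table does not list the accepted set.

```python
import re
import secrets
import string

# Assumption: "special characters" = ASCII punctuation (the page gives no list).
SPECIALS = string.punctuation
RESERVED_LABELS = {"null", "all"}  # Table 1: compared case-insensitively


def check_label(label):
    """Return the Table 1 rule violations for a pre-shared password label."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,45}", label):
        problems.append("label must be 1-45 letters, digits, '_' or '-'")
    if label.lower() in RESERVED_LABELS:
        problems.append("label cannot be 'null' or 'all'")
    return problems


def check_password(pw):
    """Return the Table 1 rule violations for a pre-shared password."""
    problems = []
    if not 12 <= len(pw) <= 128:
        problems.append("length must be 12-128 characters")
    types_present = sum([
        any(c in string.digits for c in pw),
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in SPECIALS for c in pw),
    ])
    if types_present < 3:
        problems.append("needs at least three character types")
    # Same character three or more times in a row, e.g. "aaa" or "111".
    if re.search(r"(.)\1\1", pw, flags=re.DOTALL):
        problems.append("three or more identical consecutive characters")
    return problems


def generate_password(length=32):
    """Draw random candidates from a CSPRNG until one satisfies the policy."""
    if not 12 <= length <= 128:
        raise ValueError("length must be 12-128 characters")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

The same value must be set on both the Certificate Authority Service and the remote attestation client, so generate it once and transfer it over a protected channel.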

Related Tasks

  • Searching for the pre-shared password

    Choose Protocol Configuration > Privacy CA Protocol. On the Pre-Shared Password Configuration tab page, enter a pre-shared password name in the search box and click to find the pre-shared password. The Certificate Authority Service supports fuzzy search by pre-shared password name.

  • Modifying the pre-shared password

    Choose Protocol Configuration > Privacy CA Protocol. On the Pre-Shared Password Configuration tab page, click Modify on the right of the pre-shared password to change the pre-shared password.

  • Deleting the pre-shared password

    Choose Protocol Configuration > Privacy CA Protocol. On the Pre-Shared Password Configuration tab page, click Delete on the right of the pre-shared password to delete the pre-shared password.