Some devices* and SNMP tools use an AES key extension algorithm implementation for 192 and 256 bit key length that was not specified in the IETF draft http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. Instead those implementations use the key extension algorithm specified by http://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00. To use the latter non-standard protocol follow the steps below:
Use SNMP4J 2.2.3 or later.
Add the nonstandard privacy protocol to the SecurityProtocols instance with
import org.snmp4j.security.nonstandard.PrivAES256With3DESKeyExtension; SecurityProtocols.getInstance().addPrivacyProtocol(new PrivAES256With3DESKeyExtension());
Specify the nonstandard privacy protocol for the SNMPv3 user that should use it:
user = new UsmUser(new OctetString("SHAAES256"), AuthSHA.ID, new OctetString("SHAAES256AuthPassword"), // Use the following privacy protocol if you want to use AES 256 with 3DES like key extension for this user: PrivAES256With3DESKeyExtension.ID, // Use the following privacy protocol for standard conform AES 256 privacy: // PrivAES256.ID, new OctetString("SHAAES256PrivPassword"));
Note: Standard and non-standard protocols cannot be used for the same SNMPv3 security Name concurrently when using USM - you can use them in a command generator with DirectUserTarget.
* SNMP4J users reported that there are Cisco devices using the 3DES key extension also for AES.