Child pages
  • How to configure nonstandard AES 192/256 for a SNMPv3 user?
Skip to end of metadata
Go to start of metadata

Some devices* and SNMP tools use an AES key extension algorithm implementation for 192 and 256 bit key length that was not specified in the IETF draft Instead those implementations use the key extension algorithm specified by To use the latter non-standard protocol follow the steps below:

  1. Use SNMP4J 2.2.3 or later.

  2. Add the nonstandard privacy protocol to the SecurityProtocols instance with

    SecurityProtocols.getInstance().addPrivacyProtocol(new  PrivAES256With3DESKeyExtension()); 
  3. Specify the nonstandard privacy protocol for the SNMPv3 user that should use it:

        user = new UsmUser(new OctetString("SHAAES256"),
                                   new OctetString("SHAAES256AuthPassword"),
        // Use the following privacy protocol if you want to use AES 256 with 3DES  like key extension for this user:
        // Use the following privacy protocol for standard conform AES 256 privacy:
        //                         PrivAES256.ID,
                                   new OctetString("SHAAES256PrivPassword"));

Note: Standard and non-standard protocols cannot be used for the same SNMPv3 security Name concurrently.

* SNMP4J users reported that there are Cisco devices using the 3DES key extension also for AES.

  • No labels