Lantronix 900-618 manual Enable Encryption, To configure AES encryption on the xPico


8: Setup Mode: Advanced Settings

Enable Encryption

Rijndael is the block cipher algorithm chosen by the National Institute of Standards and Technology (NIST) as the Advanced Encryption Standard (AES) to be used by the US government. The xPico supports 128-, 192-, and 256-bit encryption key lengths.

Note: Configuring encryption should be done through a local connection to the serial port of the xPico, or via a secured network connection. Initial configuration information, including the encryption key, is sent in clear text over the network.

To configure AES encryption on the xPico:

1. When prompted to enable encryption, select Y.

2. When prompted, enter the encryption key length. The xPico supports 128-, 192-, and 256-bit encryption key lengths.

3. When prompted to change keys, select Y.

4. At the Enter Keys prompt, enter your encryption key. The encryption keys are entered in hexadecimal. The hexadecimal values are echoed as asterisks to prevent onlookers from seeing the key. Hexadecimal values are 0-9 and A-F.

For a 128-bit key length, enter 32 hexadecimal characters.

For a 192-bit key length, enter 48 hexadecimal characters.

For a 256-bit key length, enter 64 hexadecimal characters.

5. Continue pressing Enter until you return to the Change Setup menu.

6. From the Change Setup menu, select option 9 to save and exit.

Encryption only applies to the port selected for data tunneling (default 10001 for Channel 1 and 10002 for Channel 2), regardless of whether you are using TCP or UDP.

Generally, one of these situations applies:

Encrypted xPico-to-xPico communication. Be sure to configure both modules with the same encryption key.

Third-party application to xPico-encrypted communication: xPico uses standard AES encryption protocols. To communicate successfully, products and applications on the peer side must use the same protocols and the same encryption key as the xPico.
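Because the Enter Keys prompt echoes asterisks, a mistyped digit is invisible, and both ends must hold the same key. The following added example (not part of the Lantronix manual) generates a key of the chosen length from the operating system's random source, checks a key string against the length and character rules above, and derives a short check value two operators can compare. The function names, the weak-pattern checks and the check-value convention are assumptions of this example, not xPico features.

```python
import hashlib
import secrets

# Key length in bits -> hex characters expected at the Enter Keys prompt
# (values from the manual: 128 -> 32, 192 -> 48, 256 -> 64).
HEX_CHARS = {128: 32, 192: 48, 256: 64}
HEX_DIGITS = set("0123456789ABCDEF")

def generate_key_hex(bits):
    """Return a fresh random key as uppercase hex, drawn from the OS CSPRNG."""
    if bits not in HEX_CHARS:
        raise ValueError("key length must be 128, 192 or 256 bits")
    return secrets.token_bytes(bits // 8).hex().upper()

def check_key_hex(key_hex, bits):
    """Return a list of problems with a key string; an empty list means usable."""
    if bits not in HEX_CHARS:
        return ["key length must be 128, 192 or 256 bits"]
    key = key_hex.replace(" ", "").upper()
    problems = []
    if len(key) != HEX_CHARS[bits]:
        problems.append(f"expected {HEX_CHARS[bits]} hex characters, got {len(key)}")
    bad = sorted(set(key) - HEX_DIGITS)
    if bad:
        problems.append("non-hexadecimal characters: " + "".join(bad))
    if not problems:
        raw = bytes.fromhex(key)
        if len(set(raw)) <= 2:
            problems.append("key is a repeated pattern, not random")
        elif all((b - a) % 256 == 1 for a, b in zip(raw, raw[1:])):
            problems.append("key is a counting sequence, not random")
    return problems

def entry_groups(key_hex, size=8):
    """Split the key into short groups so it can be typed without losing place."""
    return [key_hex[i:i + size] for i in range(0, len(key_hex), size)]

def fingerprint(key_hex):
    """Short check value two operators can compare without reading the key aloud.
    Hypothetical convention for this example, not an xPico feature."""
    raw = bytes.fromhex(key_hex.replace(" ", "").upper())
    return hashlib.sha256(raw).hexdigest()[:8].upper()

if __name__ == "__main__":
    key = generate_key_hex(256)
    print(" ".join(entry_groups(key)), "check value:", fingerprint(key))
```

Run it on the workstation used for the local serial session, type the groups in order at the Enter Keys prompt, and compare the check value with the operator configuring the peer module.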

xPico User Guide
