<div dir="ltr">I am struggling to get SNMP informs with AES privacy working. I have no problems with DES privacy on informs.<div><br></div><div>In snmpa_usm.erl I see that the *local engine* boots and time is passed to snmp_usm:aes_encrypt() which forms part of the IV....<br>
</div><div><br></div><div><div><br></div></div><div><br></div><div>However RFC <span style="color:rgb(0,0,0);white-space:pre-wrap">3826 states that the *authoritative* engine boots and time should be used, and in the case of informs the authoritative engine is the inform target engine, not the local engine....</span></div>
<div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap">[from RFC 3826]</span></div><div><pre style="color:rgb(0,0,0);word-wrap:break-word;white-space:pre-wrap">
3.1.2.1. AES Encryption Key and IV
The first 128 bits of the localized key Kul are used as the AES
encryption key. The 128-bit IV is obtained as the concatenation of
the authoritative SNMP engine's 32-bit snmpEngineBoots, the SNMP
engine's 32-bit snmpEngineTime, and a local 64-bit integer. The 64-
bit integer is initialized to a pseudo-random value at boot time.
</pre></div><div><br></div><div><br></div><div>Could this be why AES privacy is not working for informs?</div><div><br></div><div>Dan.</div></div>