Specify the Algorithms used to Secure Message Content
Use the fields within the Algorithms section of the Security tab to specify which HMAC and Key Wrap algorithms are used by this Slave outstation and its DNP3 master(s):
- HMAC—Use to specify which Hash-based Message Authentication Code (HMAC) algorithm:
  - the Slave outstation is to use when responding to Key Status or Session Key Change requests sent by its DNP3 master(s)
  - the DNP3 master(s) are to use when responding to challenges sent by this Slave outstation (ClearSCADA)
  - the DNP3 master(s) are to use when issuing Aggressive Mode requests to this Slave outstation. (This only applies if the DNP3 master(s) are configured to issue, and the Slave outstation is configured to accept, Aggressive Mode requests—see Specify Whether Aggressive Mode is Used.)
- Key Wrap—The DNP3 master uses this Key Wrap algorithm to encrypt the Session Keys during a Session Key Change, using a pre-shared Update Key. The algorithm also determines the length of the Update Key.
  - The Slave outstation (ClearSCADA) determines which Key Wrap algorithm the DNP3 master is to use during each Session Key Change. ClearSCADA supports a single Key Wrap algorithm, the Advanced Encryption Standard (AES) algorithm AES-128. The AES-128 algorithm requires a 128-bit Update Key, which is entered as 32 hexadecimal digits.
We recommend that you select the largest HMAC supported by the DNP3 master(s) and appropriate to the type of communications being used.
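
The Update Key length rule and the Key Wrap step described above, as an added example that is not ClearSCADA or DNP3 product code. It assumes the AES-128 Key Wrap is the RFC 3394 construction; the function names are hypothetical, and the key data is a constructed sample rather than the DNP3 wrapped-key payload layout, which this page does not show.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// ParseUpdateKey enforces the rule above: a 128-bit key is exactly 32 hex digits.
func ParseUpdateKey(s string) ([]byte, error) {
	if len(s) != 32 {
		return nil, fmt.Errorf("update key: want 32 hex digits, got %d", len(s))
	}
	return hex.DecodeString(s) // also rejects non-hex characters
}

// WrapKey applies RFC 3394 AES Key Wrap (assumed construction), returning hex.
func WrapKey(updateKeyHex string, keyData []byte) (string, error) {
	kek, err := ParseUpdateKey(updateKeyHex)
	if err != nil {
		return "", err
	}
	if len(keyData) < 16 || len(keyData)%8 != 0 {
		return "", fmt.Errorf("key data: %d bytes is not 2+ blocks of 8", len(keyData))
	}
	c, err := aes.NewCipher(kek)
	if err != nil {
		return "", err
	}
	n := len(keyData) / 8
	out := append([]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}, keyData...)
	b := make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], out[:8])        // A: running integrity register
			copy(b[8:], out[8*i:8*i+8]) // R[i]: i-th block of key data
			c.Encrypt(b, b)
			binary.BigEndian.PutUint64(out[:8], binary.BigEndian.Uint64(b[:8])^uint64(n*j+i))
			copy(out[8*i:], b[8:])
		}
	}
	return hex.EncodeToString(out), nil
}

func main() {
	// Constructed input: an all-zero 128-bit sample key under a sample Update Key.
	fmt.Println(WrapKey("000102030405060708090A0B0C0D0E0F", make([]byte, 16)))
}
```

The wrapped output is 8 bytes longer than the key data; that extra block is the integrity check value the receiver verifies when unwrapping with the same Update Key.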