Connected: An Internet Encyclopedia
4.1. Generating a Message

Up: RFC 1446

This section describes the behavior of a SNMPv2 entity when it communicates with a SNMPv2 party for which the privacy protocol is administratively specified as the Symmetric Privacy Protocol. Insofar as the behavior of a SNMPv2 entity when transmitting a protocol message is defined generically in [1], only those aspects of that behavior that are specific to the Symmetric Privacy Protocol are described below. In particular, this section describes the encapsulation of a SNMPv2 authenticated management communication into a SNMPv2 private management communication.

According to Section 3.1 of [1], a SnmpPrivMsg value is constructed during Step 5 of generic processing. In particular, it states the privData component is constructed according to the privacy protocol identified for the SNMPv2 party receiving the message. When the relevant privacy protocol is the Symmetric Privacy Protocol, the procedure performed by a SNMPv2 entity whenever a management communication is to be transmitted by a SNMPv2 party is as follows.

  1. If the SnmpAuthMsg value is not authenticated according to the conventions of the Digest Authentication Protocol, the generation of the private management communication fails according to a local procedure, without further processing.

  2. The local database is consulted to determine the private privacy key of the SNMPv2 party receiving the message (represented, for example, according to the conventions defined in Section 1.5.2).

  3. The SnmpAuthMsg value is serialized according to the conventions of [13] and [12].

  4. The octet sequence representing the serialized SnmpAuthMsg value is encrypted using, for example, the algorithm specified in Section 1.5.2 and the extracted private privacy key.

  5. The privData component is set to the encrypted value.

As set forth in [1], the SnmpPrivMsg value is then serialized and transmitted to the receiving SNMPv2 party.
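
The five steps above as an added Python sketch; it is not part of RFC 1446 or of any SNMPv2 implementation. Assumptions not stated on this page: the Section 1.5.2 key is a 16-octet secret (first 8 octets the cipher key, last 8 the IV) used in CBC mode with 8-octet blocks, padding is zero octets, `toy_block` is a stand-in for DES, and `party_db`, `generate_priv_data` and the other names are hypothetical.

```python
import hashlib

BLOCK = 8  # 64-bit block, the DES block size

class PrivacyError(Exception):
    """Generation of the private management communication failed."""

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption, not DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_block(key, block, decrypt=False):
    """Stand-in 8-octet Feistel block cipher; a real entity would use DES here."""
    l, r = block[:4], block[4:]
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        if decrypt:
            l, r = _xor(r, _f(key, rnd, l)), l
        else:
            l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def cbc_encrypt(secret, data):
    # Assumed layout: octets 0-7 are the cipher key, octets 8-15 the IV.
    key, prev = secret[:8], secret[8:]
    data += b"\x00" * (-len(data) % BLOCK)  # pad to a block multiple (assumed zero pad)
    out = b""
    for i in range(0, len(data), BLOCK):
        prev = toy_block(key, _xor(prev, data[i:i + BLOCK]))
        out += prev
    return out

def generate_priv_data(party_db, dst_party, auth_msg_octets, digest_authenticated):
    # Step 1: refuse to encrypt a message that was not digest-authenticated.
    if not digest_authenticated:
        raise PrivacyError("SnmpAuthMsg is not digest-authenticated")
    # Step 2: look up the receiving party's private privacy key.
    secret = party_db.get(dst_party)
    if secret is None or len(secret) != 16:
        raise PrivacyError("no usable privacy key for " + dst_party)
    # Step 3 happened upstream: auth_msg_octets is the serialized SnmpAuthMsg.
    # Steps 4-5: encrypt; the result becomes the privData component.
    return cbc_encrypt(secret, auth_msg_octets)
```

Under the assumed key layout the IV is fixed per receiving party, so two messages to the same party that start with the same octets yield the same leading ciphertext blocks.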

