Key update inconsistent

Hi Frank,

I am trying to implement the key update functionality, but the resulting key seems to be inconsistent each time it’s generated from the manager.

I first generate a default key on the agent with usm.build_localized_keys and add the resulting keys to the UsmUserTable. This seems to consistently generate the same key based on the input password and engine ID (i.e. “TestPassword” will always generate the same key) and allows authentication with the passwords used to generate the keys.

My issue comes in when I try to update the key from the manager using key_update_prepare etc. based on the example provided (snmpPasswd.cpp).
When I update the key from the manager it seems to update the UsmUserTable with a newly generated key. However, the resulting key doesn’t allow authentication (requests time out) using the password that was just used to update the key. I have also noticed by looking at the agent’s log that the resulting key is inconsistent despite entering the same ‘new pass’ and engine ID.

I would assume that updating the key with key_update would generate keys in the same way that build_localized_keys does, resulting in consistent keys when using the same password… I may have misunderstood the functionality of these though.

Any help would be much appreciated!

Hi,

I just tested with the snmpPasswd and the atm_mib example agent. With the unmodified snmpPasswd.cpp I could change the auth password of the default MD5DES user and after replacing AUTHKEY with PRIVKEY I could modify the priv password.

Can you check with the snmpPasswd example if it is able to modify the passwords?

Kind regards,
Jochen

Hello

Thanks for your response!

I am able to successfully update the password when the user is added to the UsmUserTable with the passwords provided like in the atm_mib example agent.

However, I was trying to set up the user with generated localized keys, generated with build_localized_keys like so:

[Image: Screenshot 2023-07-11 091327]

When I set up the user with generated localized keys which are generated using the same passwords, the key is changed to a different value each time the KeyChange function is executed (resulting in the key being changed to a value that doesn’t match the password).

I think I may have misunderstood how localized keys should be used, but I expected the KeyChange function to work on both users set up on the agent with passwords or localized keys.

Could you please clarify what I’m missing here, or whether I’m completely misunderstanding the functionality of the localized keys?

Regards

Eddie

Hi,

Sorry, but I still do not know what exactly you are doing (which functions you call) on the manager side and on the agent side.

The atm_mib example agent adds the users like this:

	UsmUserTable::addNewRow("MD5DES",
		       SNMP_AUTHPROTOCOL_HMACMD5,
		       SNMP_PRIVPROTOCOL_DES,
		       "MD5DESUserAuthPassword",
		       "MD5DESUserPrivPassword",  engineID, false);

The last false forces the function to NOT add the passwords to the USM. So there are no passwords available when doing the key change.

Where do you follow (and where not) the process of snmpPasswd example?

  • call USM::key_update_prepare()
  • send the resulting Pdu to the agent
  • process the response of the agent
  • call USM::key_update_commit() on success

Did you change something in the UsmUserTable?

Maybe the problem you are seeing is related to your generateKey() function: The filled arrays outAuth and outPriv can contain any character (including \0), so your authKey and privKey can be too short as you do not pass the authSize/privSize to the OctetStr constructor.

Kind regards,
Jochen
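
The truncation described in the reply above, as an added example that is not part of the original thread and is not SNMP++ code. It assumes a constructed 16-byte sample key; std::vector stands in for OctetStr, and the helper names are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed 16-byte sample standing in for a localized HMAC-MD5 key.
// Byte 5 is 0x00, which is a perfectly valid value in binary key material.
static const unsigned char kSampleKey[16] = {
    0x52, 0x6f, 0x9e, 0x11, 0xa4, 0x00, 0x3c, 0xd7,
    0x88, 0x1b, 0xf0, 0x45, 0x9a, 0x27, 0xe3, 0x6d};

// Wrong: treats the key as a NUL-terminated string, so the copy stops at
// the first 0x00 byte (hypothetical helper modelling a length-less constructor).
std::vector<unsigned char> key_from_cstring(const unsigned char *buf,
                                            std::size_t len) {
    std::vector<char> tmp(buf, buf + len);
    tmp.push_back('\0');  // terminator so this demo never reads out of bounds
    std::size_t n = std::strlen(tmp.data());
    return std::vector<unsigned char>(buf, buf + n);
}

// Right: the caller passes the size reported by the key generation step
// (authSize / privSize in the thread), so every byte is kept.
std::vector<unsigned char> key_from_buffer(const unsigned char *buf,
                                           std::size_t len) {
    return std::vector<unsigned char>(buf, buf + len);
}

// Sanity check before storing a key: the stored length must equal the
// length the generation step reported (16 bytes for an HMAC-MD5 key).
bool key_length_ok(const std::vector<unsigned char> &key,
                   std::size_t expected) {
    return key.size() == expected;
}

int main() {
    const std::size_t authSize = sizeof(kSampleKey);
    std::vector<unsigned char> bad = key_from_cstring(kSampleKey, authSize);
    std::vector<unsigned char> good = key_from_buffer(kSampleKey, authSize);
    std::printf("string-style copy: %zu bytes, ok=%d\n", bad.size(),
                key_length_ok(bad, authSize));
    std::printf("sized copy:        %zu bytes, ok=%d\n", good.size(),
                key_length_ok(good, authSize));
    return 0;
}
```

A key that happens to contain no zero byte survives the string-style copy, which is why this kind of bug can appear only for some passwords or engine IDs.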

Hi Jochen

It turns out the issue was due to me not passing the authSize and privSize to the OctetStr constructor as you described. As soon as I added that it started working nicely.

Thank you for your help!

Regards
Eddie