Decrypt crypto

[mrn]

Is it possible to decrypt a isakmp key?

I've take over from a guy that didn't document anything. I can get onto the router and enter en mode. I was wondering if there was a command like show crypto key that would reverse the encryption and show me the plaintext key.

crypto isakmp key s=de4ed@f address xxx.xxx.xxx.xxx no-xauth

Regards

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant."

http://www.airport-parking-site.co.uk/

 

[jtho]

I believe that key is stored in plain text on the router so what you see is the actual key. I checked a few of mine and they are all shown in plain text when I sh run.

 

[lambent]

there's a command to encrypt the pre-share key but needs IOS version 12.3(2)T at least:

key config-key password-encryption [master key]
password encryption aes

The [master key] is the password/key used to encrypt all other keys in the router configuration using an Advance Encryption Standard (AES) symmetric cipher. The master key is not stored in the router configuration and cannot be seen or obtained in any way while connected to the router.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml