The SetPresharedKeyForId method allows a management application to associate a particular preshared key with the identifier (ID) that an initiator uses to identify itself during phase 1 of an aggressive or main-mode Internet key exchange (IKE).
When an initiator uses a preshared key in a key exchange, it associates the key with an identifier for the initiator (and with an IP address) and passes the identifier and its associated key to the target in the data portion of an identification packet (also known as the identification payload). The initiator passes the identifier and its associated key during phase 1 of an aggressive or main-mode IKE, as described in RFC 2407. The identification payload allows the target to identify the initiator in a secure manner and to select a security policy that is appropriate for a connection with that particular initiator.
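After the SetPresharedKeyForId method specifies the preshared key, the initiator should store it in nonvolatile storage if nonvolatile storage is available. However, the initiator should also keep the preshared key in working memory so that the key is quickly available during IKE phase 1 negotiation. This improves the efficiency of the key exchange. If nonvolatile memory is not available to the initiator, the initiator service stores the key on behalf of the initiator.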
A management application can use the SetPresharedKeyForId method to associate a preshared key with a particular initiator identifier. To associate a default key with all of an initiator's identifiers, the application can call the SetGroupPresharedKey method. If there is an explicit association between an identifier and a key, the key that the explicit association specifies takes precedence over the default key.
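The precedence rule above, sketched as an added example that is not Microsoft's or any miniport driver's code: a hypothetical in-memory key table in which `psk_set_for_id` and `psk_set_group` stand in for the two WMI methods and `psk_lookup` selects the key to use in phase 1. All type names, function names and size limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical key table (names, sizes assumed); a psk_store starts zeroed. */
enum { PSK_SLOTS = 8, PSK_MAX = 64 };
typedef struct {
    unsigned char id[PSK_MAX], key[PSK_MAX];
    size_t id_len, key_len;            /* key_len == 0 marks a free slot */
} psk_entry;
typedef struct {
    psk_entry by_id[PSK_SLOTS];        /* explicit ID-to-key associations */
    psk_entry group;                   /* default key; id fields unused */
} psk_store;

/* Slot bound to this ID (sets *found), else first free slot, else NULL. */
static psk_entry *psk_slot(psk_store *s, const void *id, size_t n, int *found) {
    psk_entry *spare = NULL;
    for (size_t i = 0; i < PSK_SLOTS; i++) {
        psk_entry *e = &s->by_id[i];
        if (!e->key_len) { if (!spare) spare = e; continue; }
        if (e->id_len == n && !memcmp(e->id, id, n)) { *found = 1; return e; }
    }
    return spare;
}

/* Models SetGroupPresharedKey: one default key for all identifiers. */
int psk_set_group(psk_store *s, const void *key, size_t klen) {
    if (!klen || klen > PSK_MAX) return -1;
    memcpy(s->group.key, key, klen); s->group.key_len = klen;
    return 0;
}

/* Models SetPresharedKeyForId: bind (or rebind) a key to one identifier. */
int psk_set_for_id(psk_store *s, const void *id, size_t n,
                   const void *key, size_t klen) {
    int found = 0;
    psk_entry *e;
    if (!n || n > PSK_MAX || !klen || klen > PSK_MAX) return -1;
    if (!(e = psk_slot(s, id, n, &found))) return -1;   /* table full */
    memcpy(e->id, id, n);      e->id_len = n;
    memcpy(e->key, key, klen); e->key_len = klen;
    return 0;
}

/* Key for phase 1: explicit association first, then the group default. */
const psk_entry *psk_lookup(psk_store *s, const void *id, size_t n) {
    int found = 0;
    psk_entry *e = psk_slot(s, id, n, &found);
    return found ? e : (s->group.key_len ? &s->group : NULL);
}
```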
SetPresharedKeyForId belongs to the unpublished MSiSCSI_SecurityConfigOperations WMI class. For a description of the parameters of the SetPresharedKeyForId method, see the member descriptions for the SetPresharedKeyForId_IN and SetPresharedKeyForId_OUT structures.
Miniport drivers that implement the MSiSCSI_SecurityConfigOperations WMI class must support SetPresharedKeyForId.