220
Display local RSA public keys.
display
public-key
local
rsa
public
[
name
key-name ]
Display local ECDSA public keys.
(Available in Release 1121 and later.)
display public-key local ecdsa
public
[
name
key-name ]
Display local DSA public keys.
display public-key local
dsa
public
[
name
key-name ]
Do not distribute the RSA server public key serverkey (default) to a peer device.
Destroying a local key pair
To avoid key compromise, destroy a local key pair and generate a new pair after any of the following
conditions occurs:
• An intrusion event has occurred.
• The storage media of the device is replaced.
• Local certificate has expired. For more information about the local certificate, see "Configuring
PKI."
To destroy a local key pair:
Step Command
1. Enter system view.
system-view
2. Destroy a local key pair.
public-key local destroy
{
dsa
|
ecdsa
|
rsa
} [
name
key-name ]
Configuring a peer host public key
To encrypt information sent to a peer device or authenticate the digital signature of the peer device,
you must configure the peer device's public key on the local device.
You can configure the peer host public key by using the following methods:
• Import the peer host public key form a public key file (recommended).
• Manually enter (type or copy) the peer host public key.
Importing a peer host public key from a public key file
Before you perform this task, make sure you have exported the host public key to a file on the peer
device and obtained the file from the peer device. For information about exporting a host public key,
see "Exporting a host public key."
After you import the key, the system automatically converts the imported public key to a string in the
Public Key Cryptography Standards (PKCS) format.
To import a peer host public key from a public key file:
To Next Page
Loading...
Need help?
General