Configuration procedure, Distributing a local host public key – H3C Technologies H3C S6300 Series Switches User Manual

175

Configuration procedure

To create a local key pair:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a local key pair.

•

In Release 2310:

public-key local create { dsa |
ecdsa | rsa } [ name key-name ]

•

In Release 2311P04 and later

versions:

{

In non-FIPS mode:

public-key local create { dsa
| ecdsa { secp192r1 |

secp256r1 } | rsa } [ name

key-name ]

{

In FIPS mode:

public-key local create { dsa

| ecdsa secp256r1 | rsa }
[ name key-name ]

By default, no local key pairs exist.

Distributing a local host public key

You must distribute a local host public key to a peer device so the peer device can use the public key to

encrypt information sent to the local device or authenticate the digital signature signed by the local
device.
To distribute a local host public key:

1.

Record the key or export the key to a file

2.

Transfer the key, for example, by using FTP or TFTP

This section covers only the first task.
The following methods are available for recording or exporting a local host public key:

•

Exporting a host public key in a specific format to a file (use this method if you can import public
keys from a file on the peer device).

•

Displaying a host public key in a specific format and saving it to a file (use this method if you can
import public keys from a file on the peer device).

•

Displaying a host public key (use this method if you must manually enter the key on the peer device).

Exporting a host public key in a specific format to a file

Step Command

Remarks

1.

Enter system view.

system-view

N/A