Destroying a local key pair, Configuring a peer host public key – H3C Technologies H3C S6300 Series Switches User Manual

Task                            Command
Display local RSA public keys.  display public-key local rsa public [ name key-name ]
Display local DSA public keys.  display public-key local dsa public [ name key-name ]

NOTE: Do not distribute the RSA server public key serverkey (default) to a peer device.

Destroying a local key pair

To avoid key compromise, destroy a local key pair and generate a new pair after any of the following conditions occurs:

• An intrusion event has occurred.
• The storage media of the device is replaced.
• The local certificate has expired. For more information about local certificates, see "Configuring PKI."

To destroy a local key pair:

Step                          Command
1. Enter system view.         system-view
2. Destroy a local key pair.  public-key local destroy { dsa | ecdsa | rsa } [ name key-name ]

Configuring a peer host public key

To encrypt information sent to a peer device or authenticate the digital signature of the peer device, you must configure the public key of the peer device on the local device.

Table 9 Peer host public key configuration methods

Method: Import the peer host public key from a public key file (recommended)
  Prerequisites:
    1. Save the host public key in a file on the peer device.
    2. Get the file from the peer device, for example, by using FTP or TFTP in binary mode.
  Remarks:
    The system automatically converts the imported public key to a string in the Public Key Cryptography Standards (PKCS) format.

Method: Manually enter (type or copy) the peer host public key
  Prerequisites:
    Display and record the public key on the peer device.
    IMPORTANT: If the peer device is an H3C device, use the display public-key local public command to display the public key. The format of the public key displayed in any other way might be incorrect.
  Remarks:
    If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, for example, the key displayed by the display public-key local public command, the system saves the key.
    Always use the first method if you are not sure of the format of the recorded public key.
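As an added example that is not part of the H3C manual, the following Python check can be run on the public key file fetched in step 2 of the first method before it is imported: it assumes an RSA host key stored either as an RFC 4716 "SSH2" block or as a single OpenSSH line (the manual does not name the file layout), rejects the structural errors the switch would otherwise refuse, and reports the modulus size and a SHA256 fingerprint; FTP and TFTP give no integrity protection, so that fingerprint should be compared with one obtained from the peer over a trusted channel. All function names and the toy sample key are this example's own.

```python
import base64
import hashlib

def _read_ssh_string(blob: bytes, pos: int):
    """Read one length-prefixed SSH string (RFC 4251) starting at pos."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    n = int.from_bytes(blob[pos:pos + 4], "big")
    if pos + 4 + n > len(blob):
        raise ValueError("truncated string body")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def extract_base64(text: str) -> str:
    """Pull the base64 body out of an RFC 4716 block or an OpenSSH line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return "".join(ln for ln in lines[1:-1] if ":" not in ln)  # skip header lines
    parts = lines[0].split() if lines else []
    if len(parts) < 2:
        raise ValueError("unrecognised public key file layout")
    return parts[1]

def parse_rsa_public_key(text: str) -> dict:
    """Decode an ssh-rsa key, reject malformed input, return its parameters."""
    blob = base64.b64decode(extract_base64(text), validate=True)
    ktype, pos = _read_ssh_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("unsupported key type %r" % ktype)
    e_bytes, pos = _read_ssh_string(blob, pos)
    n_bytes, pos = _read_ssh_string(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after key material")
    e, n = int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")
    if e < 3 or e % 2 == 0 or n % 2 == 0:
        raise ValueError("implausible RSA parameters")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"e": e, "n": n, "bits": n.bit_length(), "fingerprint": "SHA256:" + fp}

def encode_rsa_public_key(e: int, n: int, layout: str = "openssh") -> str:
    """Build a key file in either layout (used here only to construct sample input)."""
    def mpint(x):  # minimal big-endian bytes, leading 0x00 if the high bit is set
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")
        return len(b).to_bytes(4, "big") + b
    blob = b"\x00\x00\x00\x07ssh-rsa" + mpint(e) + mpint(n)
    b64 = base64.b64encode(blob).decode()
    if layout == "ssh2":
        return ("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
                + b64 + "\n---- END SSH2 PUBLIC KEY ----\n")
    return "ssh-rsa %s constructed@example" % b64

SAMPLE_FILE = encode_rsa_public_key(65537, 3233, "ssh2")  # constructed toy key, not a real one
```

The fingerprint is computed the way OpenSSH computes its SHA256 fingerprint (over the raw key blob), so it can be checked against a value recorded on the peer before the key is imported.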