Destroying an asymmetric key pair, Configuring a peer public key – H3C Technologies H3C SecPath F1000-E User Manual
NOTE:
Key pairs created with the public-key local create command are saved automatically and can survive
system reboots.
Displaying or exporting the local RSA or DSA host public key
Display the local RSA or DSA host public key on the screen or export it to a specified file. Then, you can
configure the local RSA or DSA host public key on the peer device so that the peer device can use the host
public key to authenticate the local end through digital signature.
To display or export the local RSA or DSA host public key:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Display the local RSA host public key on the screen in a specified format, or export it to a specified file.
   Command: public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
   Remarks: Select a command according to the type of the key to be exported.
3. Display the local DSA host public key on the screen in a specified format or export it to a specified file.
   Command: public-key local export dsa { openssh | ssh2 } [ filename ]
   Remarks: Select a command according to the type of the key to be exported.
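Added example (not from the H3C manual): a Python check that computes the SHA-256 fingerprint of an exported host public key, so the value can be compared out of band before the key is configured on a peer device. It assumes the openssh export is the one-line OpenSSH format and the ssh2 export follows the RFC 4716 layout; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

def read_string(blob, off):
    """Read one length-prefixed SSH string (RFC 4251); return (value, next_offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def load_public_key(text):
    """Return (key_type, blob) from openssh (one-line) or ssh2 (RFC 4716) text."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        if not lines[-1].startswith("---- END SSH2 PUBLIC KEY"):
            raise ValueError("missing END marker")
        body, in_header = [], False
        for line in lines[1:-1]:
            if in_header or ":" in line:         # header such as Comment: "..."
                in_header = line.endswith("\\")  # backslash continues the header
            else:
                body.append(line)
        b64 = "".join(body)
    else:
        b64 = lines[0].split()[1]                # "<type> <base64> [comment]"
    blob = base64.b64decode(b64, validate=True)
    return read_string(blob, 0)[0].decode("ascii"), blob

def fingerprint(blob):
    """SHA-256 fingerprint in the SHA256:<base64> form that OpenSSH prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def rsa_bits(blob):
    """Modulus length of an ssh-rsa blob, whose fields are: type, e, n."""
    _, off = read_string(blob, 0)
    _, off = read_string(blob, off)
    n, _ = read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()

# Constructed sample, not a real key: e = 65537 and a 1024-bit filler modulus.
_fields = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128]
_b64 = base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in _fields)).decode()
OPENSSH_TEXT = "ssh-rsa " + _b64 + " constructed-sample"
SSH2_TEXT = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-sample"']
                      + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
                      + ["---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    for name, text in (("openssh", OPENSSH_TEXT), ("ssh2", SSH2_TEXT)):
        key_type, blob = load_public_key(text)
        print(name, key_type, rsa_bits(blob), fingerprint(blob))
```

The same key exported in either format yields the same fingerprint, because the fingerprint is taken over the decoded key blob rather than over the file text.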
Destroying an asymmetric key pair
You may need to destroy an asymmetric key pair and generate a new pair when an intrusion event has
occurred, the storage media of the device is replaced, the asymmetric key has been used for a long time,
or the certificate from the Certificate Authority (CA) expires. To check the certificate status, use the display
pki certificate command. For more information about the CA and certificate, see "Managing
certificates."
To destroy an asymmetric key pair:
1. Enter system view.
   Command: system-view
2. Destroy an asymmetric key pair.
   Command: public-key local destroy { dsa | rsa }
Configuring a peer public key
To enable your local host to authenticate a peer device, configure the peer RSA or DSA public key on the
local host. The following methods are available:
• Import it from a public key file—Obtain a copy of the peer public key file through FTP or TFTP (in
binary mode) first, and then import the public key from the file. During the import process, the
system automatically converts the public key to a string in PKCS (Public Key Cryptography
Standards) format. H3C recommends that you follow this method to configure the peer public key.