R3303-HP HSR6800 Routers Security Configuration Guide

After you export the host public key in a specific format to a file, transfer the file to the peer device.
Destroying a local asymmetric key pair
You might have to destroy a local asymmetric key pair and generate a new pair when an intrusion event
has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long
time, or the local certificate expires. For more information about the local certificate, see "Configuring
PKI."
To destroy a local asymmetric key pair:
Step 1. Enter system view.
    Command: system-view
Step 2. Destroy a local asymmetric key pair.
    Command: public-key local destroy { dsa | rsa } [ name key-name ]
Exporting an RSA key pair
To copy a local RSA key pair to another device, you must export the RSA key pair on the local device and
then import it to the target router. For information about importing an RSA key pair, see "Importing an
RSA key pair."
To export an RSA key pair:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Export an RSA key pair in PEM format.
    Command: public-key local export rsa name key-name pem { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc } password
    Remarks: The command displays the public key and private key of the exported RSA key pair in PEM
    format on the terminal. The private key is encrypted using the encryption algorithm and password
    specified in the command. You cannot export the default RSA key pair.
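
Added example (not from the HP guide): a Python check that reads exported PEM text and reports which cipher protects each private-key block, so that an export made with des-cbc, or a key that is not encrypted at all, is caught before the file is stored or transferred. It assumes the export uses traditional PEM headers (Proc-Type / DEK-Info); audit_pem, the verdict labels and the sample input are constructed for this example.

```python
import re

# Assumption: the exported private key is a traditional PEM block whose
# RFC 1421 "Proc-Type" / "DEK-Info" headers name the cipher.
# Verdicts are this example's policy, not the guide's: single DES has a 56-bit key.
VERDICT = {"DES-CBC": "weak", "DES-EDE3-CBC": "legacy"}
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def audit_pem(text):
    """Return (label, cipher, verdict) for every private-key block in text."""
    findings = []
    for label, body in BLOCK.findall(text):
        headers = {}
        for line in body.splitlines():
            if ":" not in line:  # blank line or base64 ends the headers
                break
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
        cipher = headers.get("DEK-Info", "").split(",")[0].upper() or None
        if label == "ENCRYPTED PRIVATE KEY":
            verdict = "review"  # PKCS#8: cipher sits inside the DER, not parsed
        elif headers.get("Proc-Type") != "4,ENCRYPTED" or cipher is None:
            cipher, verdict = None, "plaintext"
        elif cipher in VERDICT:
            verdict = VERDICT[cipher]
        else:
            verdict = "ok" if re.fullmatch(r"AES-(128|192|256)-CBC", cipher) else "review"
        findings.append((label, cipher, verdict))
    return findings

# Constructed sample: realistic headers, placeholder key bodies.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0011223344556677

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
```

Any "weak" or "plaintext" verdict means the key pair should be re-exported with one of the AES options before the PEM text leaves the terminal session.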
Importing an RSA key pair
After you export an RSA key pair on a device, you can import the key pair to another device.
To import an RSA key pair:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A