R0106-HP MSR Router Series Security Configuration Guide(V7)

Configuring a peer public key
To encrypt information sent to a peer device or authenticate the digital signature of the peer device, you
must configure the public key of the peer device on the local device.
Table 12 Peer public key configuration methods
| Method | Prerequisites | Remarks |
|---|---|---|
| Import the peer public key from a public key file (recommended) | 3. Save the host public key in a file on the peer device. 4. Get the file from the peer device, for example, by using FTP or TFTP in binary mode. | The system automatically converts the imported public key to a string in the Public Key Cryptography Standards (PKCS) format. |
| Manually enter (type or copy) the peer public key | Display and record the public key on the peer device. IMPORTANT: If the peer device is an HP device, use the display public-key local public command to display the public key. The format of the public key displayed in any other way might be incorrect. | If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, for example, the key displayed by the display public-key local public command, the system saves the key. Always use the first method if you are not sure of the format of the recorded public key. |
For information about displaying or exporting host public keys, see "Distributing a local host public key."
Importing a peer host public key from a public key file
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Import a peer host public key from a public key file. | public-key peer keyname import sshkey filename | By default, no peer host public key exists. |
Entering a peer public key
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify a name for the peer public key and enter public key view. | public-key peer keyname | By default, no peer host public key exists. |
| 3. Type or copy the key. | N/A | You can use spaces and carriage returns, but the system does not save them. |
| 4. Return to system view. | peer-public-key end | When you exit public key view, the system automatically saves the public key. |
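A pre-entry check for the manual method, as an added example that is not part of the HP guide: it strips the spaces and carriage returns the device would ignore and rejects a recorded key that was mistyped or truncated, before anything is pasted into public key view. It assumes the recorded key is the hexadecimal DER string shown by display public-key local public; the function name and the sample value are hypothetical.

```python
import re


def normalize_recorded_key(recorded: str) -> str:
    """Return the key as one uppercase hex string, or raise ValueError."""
    # The device does not save spaces or carriage returns, so drop all whitespace.
    hex_str = re.sub(r"\s+", "", recorded).upper()
    if not hex_str or re.fullmatch(r"[0-9A-F]+", hex_str) is None:
        raise ValueError("key contains non-hexadecimal characters")
    if len(hex_str) % 2:
        raise ValueError("odd number of hex digits: a character was lost")

    # Assumption: the key is a DER structure whose outer element is a SEQUENCE.
    der = bytes.fromhex(hex_str)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("key does not start with a DER SEQUENCE (0x30)")

    # Decode the DER length: short form (< 0x80) or long form (0x81..0x84).
    first = der[1]
    if first < 0x80:
        header, body_len = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length field")
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")

    # A copy that lost or gained bytes no longer matches its own declared length.
    if header + body_len != len(der):
        raise ValueError(
            f"DER header declares {header + body_len} bytes, got {len(der)}: "
            "key was truncated or has extra data"
        )
    return hex_str


# Constructed stand-in (a 6-byte DER SEQUENCE, not a real public key),
# recorded with the kind of spacing and line breaks a terminal copy produces.
SAMPLE = "3006 0201\r\n01 020103\n"

if __name__ == "__main__":
    print(normalize_recorded_key(SAMPLE))
```

The check only confirms that the recorded text is self-consistent; whether the key really belongs to the peer still has to be confirmed against the peer device itself.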