Destroying A Local Key Pair; Configuring A Peer Host Public Key; Importing A Peer Host Public Key From A Public Key File - HPE FlexNetwork 5510 HI Series Security Configuration Manual

Task
Display local RSA public keys.
Display local ECDSA public keys.
(Available in Release 1121 and later.)
Display local DSA public keys.
NOTE:
Do not distribute the RSA server public key serverkey (default) to a peer device.

Destroying a local key pair

To avoid key compromise, destroy a local key pair and generate a new pair after any of the following
conditions occurs:
•
An intrusion event has occurred.
•
The storage media of the device is replaced.
•
Local certificate has expired. For more information about the local certificate, see
PKI."
To destroy a local key pair:
Step
1. Enter system view.
2. Destroy a local key pair.

Configuring a peer host public key

To encrypt information sent to a peer device or authenticate the digital signature of the peer device,
you must configure the peer device's public key on the local device.
You can configure the peer host public key by using the following methods:
•
Import the peer host public key form a public key file (recommended).
•
Manually enter (type or copy) the peer host public key.

Importing a peer host public key from a public key file

Before you perform this task, make sure you have exported the host public key to a file on the peer
device and obtained the file from the peer device. For information about exporting a host public key,
see "Exporting a host public
After you import the key, the system automatically converts the imported public key to a string in the
Public Key Cryptography Standards (PKCS) format.
To import a peer host public key from a public key file:
Command
system-view
public-key local destroy { dsa | ecdsa | rsa } [ name
key-name ]
key."
220
Command
display public-key local rsa public [ name
key-name ]
display public-key local ecdsa public [ name
key-name ]
display public-key local dsa public [ name
key-name ]
"Configuring