To specify which peer's RSA public key you will manually configure, use the addressed-key public key chain configuration command.
addressed-key key-address [encryption | signature ]
key-address  Specifies the IP address of the remote peer's RSA keys.
encryption (Optional) Indicates that the RSA public key to be specified will be an encryption special usage key.
signature (Optional) Indicates that the RSA public key to be specified will be a signature special usage key.
If neither the encryption nor signature keywords are used, general purpose keys will be specified.
Public key chain configuration. This command invokes public key configuration mode.
Release | Modification |
---|---|
11.3 T | This command was introduced. |
Use this command or the named-key command to specify which IPSec peer's RSA public key you will manually configure next.
Follow this command with the key-string (IKE) command to specify the key.
If the IPSec remote peer generated general purpose RSA keys, do not use the encryption or signature keywords.
If the IPSec remote peer generated special usage keys, you must manually specify both keys: perform this command and the key-string command twice and use the encryption and signature keywords respectively.
This example manually specifies the RSA public keys of two IPSec peers. The peer at 10.5.5.1 uses general purpose keys, and the other peer uses special usage keys.
```
myrouter(config)# crypto key pubkey-chain rsa
myrouter(config-pubkey-chain)# named-key otherpeer.domain.com
myrouter(config-pubkey-key)# address 10.5.5.1
myrouter(config-pubkey-key)# key-string
myrouter(config-pubkey)# 005C300D 06092A86 4886F70D 01010105
myrouter(config-pubkey)# 00034B00 30480241 00C5E23B 55D6AB22
myrouter(config-pubkey)# 04AEF1BA A54028A6 9ACC01C5 129D99E4
myrouter(config-pubkey)# 64CAB820 847EDAD9 DF0B4E4C 73A05DD2
myrouter(config-pubkey)# BD62A8A9 FA603DD2 E2A8A6F8 98F76E28
myrouter(config-pubkey)# D58AD221 B583D7A4 71020301 0001
myrouter(config-pubkey)# quit
myrouter(config-pubkey-key)# exit
myrouter(config-pubkey-chain)# addressed-key 10.1.1.2 encryption
myrouter(config-pubkey-key)# key-string
myrouter(config-pubkey)# 00302017 4A7D385B 1234EF29 335FC973
myrouter(config-pubkey)# 2DD50A37 C4F4B0FD 9DADE748 429618D5
myrouter(config-pubkey)# 18242BA3 2EDFBDD3 4296142A DDF7D3D8
myrouter(config-pubkey)# 08407685 2F2190A0 0B43F1BD 9A8A26DB
myrouter(config-pubkey)# 07953829 791FCDE9 A98420F0 6A82045B
myrouter(config-pubkey)# 90288A26 DBC64468 7789F76E EE21
myrouter(config-pubkey)# quit
myrouter(config-pubkey-key)# exit
myrouter(config-pubkey-chain)# addressed-key 10.1.1.2 signature
myrouter(config-pubkey-key)# key-string
myrouter(config-pubkey)# 0738BC7A 2BC3E9F0 679B00FE 53987BCC
myrouter(config-pubkey)# 01030201 42DD06AF E228D24C 458AD228
myrouter(config-pubkey)# 58BB5DDD F4836401 2A2D7163 219F882E
myrouter(config-pubkey)# 64CE69D4 B583748A 241BED0F 6E7F2F16
myrouter(config-pubkey)# 0DE0986E DF02031F 4B0B0912 F68200C4
myrouter(config-pubkey)# C625C389 0BFF3321 A2598935 C1B1
myrouter(config-pubkey)# quit
myrouter(config-pubkey-key)# exit
myrouter(config-pubkey-chain)# exit
myrouter(config)#
```
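As an added example (not from the Cisco documentation), this Python check reads addressed-key entries in the order the example above enters them and flags a peer that has only one of the encryption and signature keys, mixes general purpose and special usage keys, or has an empty key string. The function names and the sample input are constructed for illustration, and the even-hex-length check is an assumption about well-formed key data.

```python
import re
from collections import defaultdict

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "myrouter(config-pubkey)# "
ENTRY = re.compile(r"^addressed-key\s+(\S+)(?:\s+(encryption|signature))?$")
HEXLINE = re.compile(r"^[0-9A-Fa-f]+(?:\s+[0-9A-Fa-f]+)*$")
SPECIAL = {"encryption", "signature"}

def parse_addressed_keys(text):
    """Return {peer: {usage: hex digits}}; usage is 'general' when no keyword is given."""
    keys, current, in_key = defaultdict(dict), None, False
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = ENTRY.match(line)
        if m:
            current, in_key = (m.group(1), m.group(2) or "general"), False
            keys[current[0]][current[1]] = ""
        elif line.startswith("named-key") or line == "exit":
            current, in_key = None, False  # no longer inside an addressed-key entry
        elif line in ("key-string", "quit"):
            in_key = line == "key-string" and current is not None
        elif in_key and HEXLINE.match(line):
            keys[current[0]][current[1]] += "".join(line.split())
    return dict(keys)

def audit(keys):
    """Flag entries that break the usage rules this page states for addressed-key."""
    findings = []
    for peer, usages in sorted(keys.items()):
        special = SPECIAL & set(usages)
        if len(special) == 1:
            missing = (SPECIAL - special).pop()
            findings.append((peer, f"special usage key without matching {missing} key"))
        if special and "general" in usages:
            findings.append((peer, "general purpose and special usage keys both configured"))
        for usage, digits in sorted(usages.items()):
            if not digits or len(digits) % 2:
                findings.append((peer, f"{usage} key-string is empty or has odd hex length"))
    return findings

# Constructed sample (not a real configuration); the key data is short filler.
SAMPLE = "\n".join([
    "addressed-key 10.1.1.2 encryption", "key-string", "AABBCCDD 00112233", "quit",
    "addressed-key 10.1.1.2 signature", "key-string", "11223344 55667788", "quit",
    "myrouter(config-pubkey-chain)# addressed-key 10.9.9.9 encryption",
    "myrouter(config-pubkey-key)# key-string", "myrouter(config-pubkey)# 0011AABB", "quit",
    "addressed-key 10.5.5.1", "key-string", "quit",
])
```

Calling `audit(parse_addressed_keys(SAMPLE))` reports 10.9.9.9 for its missing signature key and 10.5.5.1 for its empty key string.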
Command | Description |
---|---|
crypto key pubkey-chain rsa | Enters public key configuration mode (to allow you to manually specify the RSA public keys of other devices). |
key-string (IKE) | Specifies the RSA public key of a remote peer. |
named-key | Specifies which peer RSA public key you will manually configure. |
show crypto key pubkey-chain rsa | Displays peer RSA public keys stored on your router. |
All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.