Specifying Peer RSA Public Keys

Dec 6th, 2007

I have an IPSec Tunnel running between a 2851 and an 1841 using Pre-Shared Keys. I would like to use RSA-Signature authentication as we expand into more tunnels with more sites.

I created a key-pair on each router using:

crypto key generate rsa general-keys modulus 2048

I then followed the procedure for creating the trustpoint and enrolled each router with the CA. I successfully authenticated the CA and obtained certificates for the routers. The IKE Security Protocol document states that "RSA Signatures requires that each peer has the remote peer's public signature key".

I can display each router's public key with the "sh crypto key mypubkey rsa" command and then attempt to add the peer's public key using "crypto key pubkey-chain rsa". When I get to the stage where I am asked to:

"Enter a public key as a hexidecimal number:", I paste the peer's key; however, it does not take the full key. I had first copied the key into a text editor and removed the spaces and line breaks.

Is this the correct procedure for exchanging public keys? Is a modulus of 2048 too long?


sshantzcisco Thu, 12/06/2007 - 09:37

I found the answer to my problem. After specifying the key-string command, you can enter a return. So I pasted the key in sections with a return after each section and then a quit after it was all pasted.
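As an added example (not from this thread and not a Cisco tool), here is a small Python helper that does the same cleanup by hand: it strips the spaces and line breaks from the Key Data copied off the peer, checks the hex, reads the modulus size out of it, and splits it into short lines that can be pasted one at a time under key-string. It assumes the Key Data is the DER-encoded SubjectPublicKeyInfo that IOS prints as hex, and the sample key it runs on is constructed rather than taken from a router.

```python
"""Reflow a router's RSA public key hex (the 'Key Data' from 'show crypto key
mypubkey rsa') into short lines for pasting under 'key-string', and check the
modulus size by walking the DER SubjectPublicKeyInfo. Sample key is constructed."""
import re

def der_len(buf, i):
    """Decode the DER length at offset i; return (length, offset after it)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def normalize_key_hex(text):
    """Drop the spaces and line breaks copied from the router; validate hex."""
    h = re.sub(r"\s+", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", h) or len(h) % 2:
        raise ValueError("key data is not a whole number of hex bytes")
    return h

def modulus_bits(hexstr):
    """Walk SubjectPublicKeyInfo -> RSAPublicKey; return the modulus bit size."""
    d, i = bytes.fromhex(hexstr), 0
    assert d[i] == 0x30; _, i = der_len(d, i + 1)          # SubjectPublicKeyInfo
    assert d[i] == 0x30; l, i = der_len(d, i + 1); i += l  # skip AlgorithmIdentifier
    assert d[i] == 0x03; _, i = der_len(d, i + 1); i += 1  # BIT STRING + unused-bits byte
    assert d[i] == 0x30; _, i = der_len(d, i + 1)          # RSAPublicKey
    assert d[i] == 0x02; l, i = der_len(d, i + 1)          # INTEGER modulus
    return int.from_bytes(d[i:i + l], "big").bit_length()

def chunk_for_paste(hexstr, width=64):
    """Lines short enough to paste one at a time, pressing Enter after each."""
    return [hexstr[k:k + width] for k in range(0, len(hexstr), width)]

def build_sample_spki(n, e=65537):
    """Constructed DER SubjectPublicKeyInfo for the demo (not a real router key)."""
    def tlv(tag, body):
        L = len(body)
        lb = bytes([L]) if L < 0x80 else bytes([0x81, L]) if L < 0x100 else bytes([0x82, L >> 8, L & 0xFF])
        return bytes([tag]) + lb + body
    def integer(v):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        return tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2A864886F70D010101")) + tlv(0x05, b""))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + tlv(0x30, integer(n) + integer(e))))

# Constructed sample: a 2048-bit odd number standing in for a modulus, laid out
# like the router prints it (8-digit groups, nine per line).
SAMPLE_HEX = build_sample_spki((1 << 2047) | 0x10001).hex().upper()
SAMPLE_KEY_TEXT = "\n".join(" ".join(SAMPLE_HEX[k:k + 8] for k in range(j, min(j + 72, len(SAMPLE_HEX)), 8))
                            for j in range(0, len(SAMPLE_HEX), 72))
```

Comparing modulus_bits() against the "modulus 2048" you generated with is also a cheap check that you copied the whole key and not a truncated one.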
