If the pub key is used to encrypt, then we can use the private key to decrypt
If the priv key is used to encrypt, then we can use the pub key to decrypt. With regards Kings On Wed, Feb 17, 2010 at 1:39 PM, Stuart Hare <[email protected]> wrote: > Kings, > > I never tried it without generating a key, but its noted as a pre-requisite > in the documentation. > If it does work without they may just be adding it to conform with the RSA > Public/Private key pair model. > > Confusing thing for me in this case is that a public key is used to encrypt > not decrypt, unless they are combined in the chain here. > > Stu > > Prerequisites for Cisco IOS 5.x Format Signatures with Cisco IOS IPS > > System and Image Requirements for Cisco IOS IPS 5.x > > •Cisco IOS IPS signature categories are available in two formats—Basic and > Advanced. > > •Cisco IOS IPS system requirements depend on the type of deployment, the > bandwidth requirements, and security requirements. The larger the number of > signatures, the larger the amount of memory consumed. > > •*You must generate a RSA crypto key and load the public signature on your > router for signature decryption*. > > This following cisco public key configuration can be cut and pasted > directly into your router configuration: > > crypto key pubkey-chain rsa > > named-key realm-cisco.pub signature > > key-string > 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 > 00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 > 17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 > B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E > 5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 > FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85 > 50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36 > 006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE > 2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3 > F3020301 0001 > quit > > > > On Tue, Feb 16, 2010 at 2:20 PM, Kingsley Charles < > [email protected]> wrote: > >> Hi all >> >> As a pre-requisite, why do we need to generate RSA keys for IOS IPS. Cisco >> encrypts the signature package and the realm.cisco.pum that will be >> configured on the router >> will decrypt the IOS CLI package. >> >> On my router, the IOS package is decrypted successfully with the realm key >> alone without generating crypto rsa key. >> >> >> Am I missing something here? >> >> >> >> >> >> >> With regards >> Kings >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> > > > -- > Regards, > > Stuart Hare > CCIE #25616 (Security), CCSP, Microsoft MCP > Sr. Support Engineer – IPexpert, Inc. > URL: http://www.IPexpert.com <http://www.ipexpert.com/> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
