If I configure a trustpoint with enrollment set to "self" and enroll it, the generated RSA keys show the storage location as "Storage Device: not specified":
crypto pki trustpoint self
 enrollment selfsigned
 revocation-check crl on flash:

With regards
Kings

On Tue, Sep 21, 2010 at 5:29 PM, Kingsley Charles <[email protected]> wrote:
> Hi all
>
> When we create RSA keys without storage location, the location is nothing.
> After I issue a "wr mem" the keys are stored in the private-config file that
> is present in the nvram. The pro
>
> router3#sh crypto key mypubkey rsa
> % Key pair was generated at: 11:40:19 UTC Sep 21 2010
> Key name: TP-self-signed-1104275031
> *Storage Device: not specified*
> Usage: General Purpose Key
> Key is not exportable.
> Key Data:
> 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AD890E
> C102E654 76405AE5 D14372C8 227B9FEB 3E79A8D6 BB999B47 4B13041B AB07308C
> CD7E1CF1 4F16FBD7 D8EC605D 0890336C E64F7596 11B77A5D 98BA77E1 B52745A9
> 53C61A64 05C46D16 A5BE68CD 2F61D639 9692EA69 CB112C00 22FEB988 CD67C073
> B25AB5DF F6895460 CDAE424E FC0898CD 0E07E12C CA16FBF0 AC086606 65020301
> 0001
> % Key pair was generated at: 11:40:21 UTC Sep 21 2010
> Key name: TP-self-signed-1104275031.server
> Temporary key
> Usage: Encryption Key
> Key is not exportable.
> Key Data:
> 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00CBE2FD 5440F579
> 073C3B9B 1A5DE0A4 0742B3C1 12451E15 E5592B0B FD7A8E97 F896A325 7CE09285
> 3A8F6BAE 3377B387 80C21573 A1417E8A 45B9C3E7 8767791C 0C261246 0CB465C3
> 2076A5B4 3BC1568F 53284B8B 7618EB64 AAA58072 AC590867 BF020301 0001
>
> router3#wr mem
> Building configuration...
> [OK]
>
> router3#sh crypto key mypubkey rsa
> % Key pair was generated at: 11:40:19 UTC Sep 21 2010
> Key name: TP-self-signed-1104275031
> *Storage Device: private-config*
> Usage: General Purpose Key
> Key is not exportable.
> Key Data:
> 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AD890E
> C102E654 76405AE5 D14372C8 227B9FEB 3E79A8D6 BB999B47 4B13041B AB07308C
> CD7E1CF1 4F16FBD7 D8EC605D 0890336C E64F7596 11B77A5D 98BA77E1 B52745A9
> 53C61A64 05C46D16 A5BE68CD 2F61D639 9692EA69 CB112C00 22FEB988 CD67C073
> B25AB5DF F6895460 CDAE424E FC0898CD 0E07E12C CA16FBF0 AC086606 65020301
> 0001
> % Key pair was generated at: 11:40:21 UTC Sep 21 2010
> Key name: TP-self-signed-1104275031.server
> Temporary key
> Usage: Encryption Key
> Key is not exportable.
> Key Data:
> 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00CBE2FD 5440F579
> 073C3B9B 1A5DE0A4 0742B3C1 12451E15 E5592B0B FD7A8E97 F896A325 7CE09285
> 3A8F6BAE 3377B387 80C21573 A1417E8A 45B9C3E7 8767791C 0C261246 0CB465C3
> 2076A5B4 3BC1568F 53284B8B 7618EB64 AAA58072 AC590867 BF020301 0001
>
> I am trying to save the keys to flash but it fails.
>
> router3(config)#crypto key generate rsa storage flash:
> The name for the keys will be: router3.router3.com
> Choose the size of the key modulus in the range of 360 to 2048 for your
> General Purpose Keys. Choosing a key modulus greater than 512 may take
> a few minutes.
>
> How many bits in the modulus [512]:
> *Device flash is not a valid storage location for for cryptographic
> keypairs*
> crypto_lib_keypair_get failed to get router3.router3.com
> crypto_lib_keypair_get failed to get router3.router3.com
>
> It seems flash is not a secure location for saving the private keys as it can
> be accessed by anyone. The "private-config" can't be accessed by the user,
> please have a look below:
>
> router3#more nvram:private-config
> %Error opening nvram:private-config (Permission denied)
>
> Maybe a USB token is a valid device to store the RSA keys.
>
> Please let me know your thoughts.
>
> With regards
> Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
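The "Key Data" blocks that `show crypto key mypubkey rsa` prints are the public half of each key pair, and their leading bytes (`30 .. 06 09 2A 86 48 86 F7 0D 01 01 01`) identify them as a DER-encoded SubjectPublicKeyInfo carrying the rsaEncryption OID. That makes the output auditable offline: the modulus size of every key on the box can be read straight from the dump without touching private-config. The script below is an added example, not code from the thread or from Cisco; the two hex dumps are copied from the show output quoted above, the DER layout it assumes is the standard SubjectPublicKeyInfo / RSAPublicKey nesting, and the 2048-bit minimum is an assumed policy threshold, not anything the thread states. Run against the quoted dumps it reports the general-purpose key as 1024-bit RSA and the temporary `.server` key as only 768-bit RSA.

```python
"""Audit RSA modulus sizes from Cisco IOS 'show crypto key mypubkey rsa' output.

Added example (not part of the mailing-list thread). The Key Data hex dumps
below are copied from the show output quoted in the message. Parsing assumes
the dump is a DER SubjectPublicKeyInfo for rsaEncryption (OID 1.2.840.113549.1.1.1),
which is what the leading bytes of both dumps indicate.
"""
import re

# Key Data for "TP-self-signed-1104275031" (General Purpose Key), copied from the quoted output.
GENERAL_PURPOSE_KEY = """
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00AD890E
C102E654 76405AE5 D14372C8 227B9FEB 3E79A8D6 BB999B47 4B13041B AB07308C
CD7E1CF1 4F16FBD7 D8EC605D 0890336C E64F7596 11B77A5D 98BA77E1 B52745A9
53C61A64 05C46D16 A5BE68CD 2F61D639 9692EA69 CB112C00 22FEB988 CD67C073
B25AB5DF F6895460 CDAE424E FC0898CD 0E07E12C CA16FBF0 AC086606 65020301
0001
"""

# Key Data for "TP-self-signed-1104275031.server" (Temporary key), copied from the quoted output.
TEMPORARY_SERVER_KEY = """
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00CBE2FD 5440F579
073C3B9B 1A5DE0A4 0742B3C1 12451E15 E5592B0B FD7A8E97 F896A325 7CE09285
3A8F6BAE 3377B387 80C21573 A1417E8A 45B9C3E7 8767791C 0C261246 0CB465C3
2076A5B4 3BC1568F 53284B8B 7618EB64 AAA58072 AC590867 BF020301 0001
"""

RSA_OID = bytes.fromhex("2A864886F70D010101")  # 1.2.840.113549.1.1.1 rsaEncryption

# Assumed policy threshold for this example; adjust to local standards.
MINIMUM_BITS = 2048


def hexdump_to_bytes(dump):
    """Strip the whitespace IOS inserts between 4-byte groups and return raw DER."""
    return bytes.fromhex(re.sub(r"\s+", "", dump))


def read_tlv(buf, pos):
    """Decode one DER tag-length-value starting at buf[pos].

    Returns (tag, value_bytes, position_after_value). Handles short-form and
    long-form (0x81, 0x82, ...) lengths, which is all DER public keys use.
    """
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def expect(tag, wanted, what):
    if tag != wanted:
        raise ValueError(f"bad DER: expected {what} (tag 0x{wanted:02X}), got 0x{tag:02X}")


def parse_rsa_spki(der):
    """Return (modulus_bits, public_exponent) from a DER SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(der, 0)
    expect(tag, 0x30, "SubjectPublicKeyInfo SEQUENCE")
    tag, alg, pos = read_tlv(spki, 0)                  # AlgorithmIdentifier
    expect(tag, 0x30, "AlgorithmIdentifier SEQUENCE")
    oid_tag, oid, _ = read_tlv(alg, 0)
    expect(oid_tag, 0x06, "algorithm OID")
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(spki, pos)               # subjectPublicKey BIT STRING
    expect(tag, 0x03, "BIT STRING")
    if bitstr[0] != 0:
        raise ValueError("unexpected unused-bits count in BIT STRING")
    tag, rsapub, _ = read_tlv(bitstr, 1)               # RSAPublicKey SEQUENCE
    expect(tag, 0x30, "RSAPublicKey SEQUENCE")
    tag, n_bytes, pos = read_tlv(rsapub, 0)            # modulus INTEGER
    expect(tag, 0x02, "modulus INTEGER")
    tag, e_bytes, _ = read_tlv(rsapub, pos)            # publicExponent INTEGER
    expect(tag, 0x02, "publicExponent INTEGER")
    modulus = int.from_bytes(n_bytes, "big")           # leading 0x00 sign pad drops out
    return modulus.bit_length(), int.from_bytes(e_bytes, "big")


def audit_key(name, dump, minimum_bits=MINIMUM_BITS):
    """Summarise one Key Data block and flag it if the modulus is below policy."""
    bits, exponent = parse_rsa_spki(hexdump_to_bytes(dump))
    return {"name": name, "bits": bits, "exponent": exponent, "weak": bits < minimum_bits}


if __name__ == "__main__":
    for name, dump in [("TP-self-signed-1104275031", GENERAL_PURPOSE_KEY),
                       ("TP-self-signed-1104275031.server", TEMPORARY_SERVER_KEY)]:
        r = audit_key(name, dump)
        print(f"{r['name']}: {r['bits']}-bit RSA, e={r['exponent']}, "
              f"{'BELOW POLICY' if r['weak'] else 'ok'}")
```

Paste any other Key Data block from the same command into a string and hand it to `audit_key` to check the rest of a device's keys; only the public key is parsed, so nothing sensitive has to leave the router for this review.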
