public-key local destroy
Use public-key local destroy to destroy local key pairs.
Syntax
public-key local destroy { dsa | ecdsa | rsa } [ name key-name ]
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dsa: Specifies the DSA key pair type.
ecdsa: Specifies the ECDSA key pair type.
rsa: Specifies the RSA key pair type.
name key-name: Specifies a local key pair by its name, a case-insensitive string of 1 to 64 characters. Valid characters are letters, digits, and hyphens (-). If you do not specify a key pair, this command destroys all key pairs of the specified type.
Usage guidelines
To avoid key compromise, destroy the local key pair and generate a new pair after any of the following conditions occurs:
An intrusion event has occurred.
The storage media of the device is replaced.
The local certificate has expired. For more information about local certificates, see Security Configuration Guide.
Examples
# Destroy the local RSA key pairs with the default names.
<Sysname> system-view
[Sysname] public-key local destroy rsa
Confirm to destroy the key pair? [Y/N]:y
# Destroy the local DSA key pair with the default name.
<Sysname> system-view
[Sysname] public-key local destroy dsa
Confirm to destroy the key pair? [Y/N] :y
# Destroy the local ECDSA key pair with the default name.
<Sysname> system-view
[Sysname] public-key local destroy ecdsa
Confirm to destroy the key pair? [Y/N]:y
# Destroy the local RSA key pair rsa1.
<Sysname> system-view
[Sysname] public-key local destroy rsa name rsa1
Confirm to destroy the key pair? [Y/N]:y
# Destroy the local DSA key pair dsa1.
<Sysname> system-view
[Sysname] public-key local destroy dsa name dsa1
Confirm to destroy the key pair? [Y/N] :y
# Destroy the local ECDSA key pair ecdsa1.
<Sysname> system-view
[Sysname] public-key local destroy ecdsa name ecdsa1
Confirm to destroy the key pair? [Y/N]:y
Related commands
public-key local create