Key Management
The Public Key Infrastructure (PKI) manages encryption and identity information
such as public keys and certificates. It consists of the following
components:
■ Peer devices that need to communicate securely.
■ Digital certificates that validate the peer’s identity and transmit their
public key.
■ Certificate authorities (CA), also known as trustpoints, that grant,
manage, and revoke certificates. This could be a third-party CA or an
internal one. Cisco has a Cisco IOS Certificate Server.
■ Optional registration authorities (RA) that handle certificate enrollment
requests.
■ A way to distribute Certificate Revocation Lists (CRL), such as HTTP
or Lightweight Directory Access Protocol (LDAP).
PKI credentials, such as RSA keys and digital certificates, can be stored in a
router’s nonvolatile random-access memory (NVRAM). They can also be
stored in USB eTokens on routers that support them.