112• The length of a DSA key modulus is in the range 512 to 2048 bits. After entering the public-key localcreate dsa command, you will be required to specify the modulus length. For security, a modulus of atleast 768 bits is recommended.Displaying or exporting the local RSA or DSA host publickeyDisplay the local RSA or DSA host public key on the screen or export it to a specified file. Then,you can configure the local RSA or DSA host public key on the remote end so that the remote endcan use the host public key to authenticate the local end through digital signature.Follow these steps to display or export the local RSA or DSA host public key:To do… Use the command… Remarks1. Enter system view system-view —2. Display the local RSA host public keyon the screen in a specified format, orexport it to a specified filepublic-key local export rsa {openssh | ssh1 | ssh2 } [filename ] Select a commandaccording to the type ofthe key to be exported.3. Display the local DSA host public keyon the screen in a specified format, orexport it to a specified filepublic-key local export dsa {openssh | ssh2 } [ filename ]Support for the public-key local export dsa command depends on the device model.Destroying an asymmetric key pairAn asymmetric key pair may expire or leak. In this case, you need to destroy it and generate anew pair.Follow these steps to destroy an asymmetric key pair:To do… Use the command… Remarks1. Enter system view system-view —2. Destroy an asymmetric key pair public-key local destroy { dsa | rsa } RequiredConfiguring the public key of a peerTo authenticate the remote host, you need to configure the RSA or DSA public key of that peer onthe local host.To configure the public key of the peer, you can:• Configure it manually: You can input or copy the public key of the peer to the local host. Thecopied public key must have not been converted and be formatted in the distinguishedencoding rules (DER) encoding format.