This blog post discusses extracting a private key from Cisco IOS’s private-config file. I recently generated a key pair on an IOS router and had forgotten to flag it as “exportable”, making it difficult to back up. As the key pair was used for IPSec authentication, it was an important key to back up.
The first step is to recover private-config from the device, which I’m not going to cover in this post. Open the file in a text editor, locate the section that begins “crypto RSA-key-pair” and save the hexadecimal values to a text file. The section will look like this:
crypto RSA-key-pair MyKey 0 1440004978 308204BC 02010030 0D06092A 864886F7 0D010101 05000482 04A63082 04A20201 00028201 0100DE8D 63241465 57356A77 57FC2C3D BBDD8454 F25B6B1A DB487C6D AA0C1157 F665AF18 08EFC785 C23D3185 06F3D51A 42C94F06 5A97756A C83693C6 ...
When saving to a text file, omit the section beginning “crypto RSA-key-pair”; only the hexadecimal values are required.
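The hex words in the listing above begin `3082 04BC 020100 300D 0609 2A864886F70D010101 0500`, which is the DER header of a PKCS#8 PrivateKeyInfo for rsaEncryption. The following is an added example, not code from the original post: it turns the saved hex text into bytes, checks that the declared DER length matches what was pasted, and wraps the result as PEM. The function names and the sample dump are constructed for illustration, and it assumes the saved values are the complete PKCS#8 blob.

```python
import base64

# DER bytes of AlgorithmIdentifier { rsaEncryption, NULL }, as seen in the listing
RSA_ALG_ID = bytes.fromhex("300D06092A864886F70D0101010500")

# Constructed sample in the same word layout; the 8-byte payload is a placeholder,
# not a real RSAPrivateKey.
SAMPLE_DUMP = """301C0201 00300D06 092A8648 86F70D01
                 01010500 0408DEAD BEEFDEAD BEEF"""

def hex_dump_to_der(text):
    """Join the saved hex words (header line already omitted) into raw bytes."""
    words = text.split()
    for word in words:
        if any(c not in "0123456789abcdefABCDEF" for c in word):
            raise ValueError(f"non-hex token {word!r}: keep only the hexadecimal values")
    return bytes.fromhex("".join(words))

def der_header(buf, pos=0):
    """Return (tag, content_length, content_offset) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def check_pkcs8_rsa(der):
    """Raise ValueError unless der is one complete PKCS#8 blob for an RSA key."""
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE")
    _, length, off = der_header(der)
    if off + length != len(der):          # catches a truncated or over-long paste
        raise ValueError(f"header declares {off + length} bytes, file has {len(der)}")
    if der[off:off + 3] != b"\x02\x01\x00":
        raise ValueError("unexpected PrivateKeyInfo version")
    if der[off + 3:off + 3 + len(RSA_ALG_ID)] != RSA_ALG_ID:
        raise ValueError("algorithm is not rsaEncryption")

def der_to_pem(der):
    """Wrap DER bytes in an unencrypted PKCS#8 PEM envelope, 64 columns wide."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    der = hex_dump_to_der(SAMPLE_DUMP)
    check_pkcs8_rsa(der)
    print(der_to_pem(der), end="")
```

The PEM output is an unencrypted private key, so the backup file needs the same protection as the router's private-config.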