Sunday, February 1, 2015

A peek at cisco ASA & IOS software authenticity + digital signature checks

Here's a quick means for  signature and authenticity checks in cisco ASA software.  1st to get an ideal of the running code you can execute the following cmd.

show software  authenticity  running

NOTE: you don't have to be in enable to execute this cmd

To see keys and certificate details;

As you can see, cisco implements digitally signed software on cisco routers, you have the option to verify any image running or stored within local flash

e.g ( Here's a cisco 6509E L2/3 switch  )

show software authenticity file bootdisk:<filename>

This also allows for you to verify the digital signature before loading the code

As indicated by the show outputs,  all certificates uses a 2048bit  RSA public-key. The private-key is always private.

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       /  \

No comments:

Post a Comment