F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

Task | Remarks
Configuring a local asymmetric key pair on the local device: |
    Creating a local asymmetric key pair | Choose one or more tasks.
    Displaying or exporting the local host public key |
    Destroying a local asymmetric key pair |
    Specifying the peer public key on the local device |
Creating a local asymmetric key pair
When you create an asymmetric key pair on the local device, follow these guidelines:
- Create an asymmetric key pair of the proper type to work with a target application.
- After you enter the command, specify a proper modulus length for the key pair. The following table compares these types of key pairs.
In FIPS mode, the DSA key modulus length must be at least 1024 bits, and the RSA key modulus length must be 2048 bits.
Table 30 A comparison between different types of asymmetric key pairs

Type | Number of key pairs | Modulus length | Remarks
RSA | Two key pairs, one server key pair and one host key pair. Each key pair comprises a public key and a private key. | 512 to 2048 bits. 1024 by default. | To achieve high security, specify at least 768 bits.
DSA | One key pair, the host key pair. | 512 to 2048 bits. 1024 by default. |

IMPORTANT:
Only SSH1.5 uses the RSA server key pair.
To create a local asymmetric key pair:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a local asymmetric key pair.
   Command: public-key local create { dsa | rsa }
   Remarks: By default, no asymmetric key pair is created. Key pairs created with this command are saved automatically and can survive system reboots.
Displaying or exporting the local host public key
In some applications, such as SSH, to allow your local device to be authenticated by a peer device through digital signature, you must display or export the local host public key, which will then be specified on the peer device.
To display or export the local host public key, choose one of the following methods:
- Displaying and recording the host public key information
- Displaying the host public key in a specific format and saving it to a file
- Exporting the host public key in a specific format to a file
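As an added example (not code from the guide or the device), the following Python script reads the modulus length out of a public key line and classifies it against the 512 to 2048 bit range, the 768-bit recommendation and the FIPS requirements stated in the key-creation guidelines above, which is a useful check before a key exported here is specified on a peer device. It assumes the key is in OpenSSH one-line format (the export formats are not named on this page); the two sample keys are constructed inside the script and are not real key material.

```python
import base64
import struct

# Limits from the guide: RSA and DSA keys take 512 to 2048 bits (default 1024),
# at least 768 bits is recommended, and FIPS mode needs DSA >= 1024 bits and
# RSA exactly 2048 bits.
MIN_BITS, MAX_BITS, RECOMMENDED_BITS = 512, 2048, 768


def _ssh_string(data):
    """Encode one SSH wire-format string: uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n):
    """Encode a non-negative integer as an SSH mpint (leading 0x00 if MSB set)."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_openssh_line(key_type, *numbers):
    """Build a one-line OpenSSH public key from integer fields (constructed sample)."""
    blob = _ssh_string(key_type.encode()) + b"".join(_ssh_mpint(x) for x in numbers)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


def parse_modulus_bits(line):
    """Return (key_type, modulus_bits) for an ssh-rsa (fields e, n) or
    ssh-dss (fields p, q, g, y) line; the modulus is n for RSA, p for DSA."""
    key_type, b64 = line.split()[:2]
    blob, pos, fields = base64.b64decode(b64), 0, []
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + length])
        pos += 4 + length
    if key_type not in ("ssh-rsa", "ssh-dss") or fields[0].decode() != key_type:
        raise ValueError("unsupported or inconsistent key type")
    modulus = fields[2] if key_type == "ssh-rsa" else fields[1]
    return key_type, int.from_bytes(modulus, "big").bit_length()


def check_modulus(key_type, bits, fips=False):
    """Classify a modulus length: 'unsupported', 'rejected-fips', 'weak' or 'ok'."""
    if not MIN_BITS <= bits <= MAX_BITS:
        return "unsupported"
    if fips:
        meets = bits == 2048 if key_type == "ssh-rsa" else bits >= 1024
        return "ok" if meets else "rejected-fips"
    return "ok" if bits >= RECOMMENDED_BITS else "weak"


# Constructed sample keys (not real key material): 1024-bit RSA, 512-bit DSA.
RSA_LINE = make_openssh_line("ssh-rsa", 65537, (1 << 1023) | 0x10001)
DSA_LINE = make_openssh_line("ssh-dss", (1 << 511) | 1, (1 << 159) | 1, 2, 3)
```

Run `check_modulus(*parse_modulus_bits(line))` on a line, with `fips=True` on a FIPS-mode device, to get the classification.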