R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
152
[Sysname-pkey-key-code] public-key-code end
[Sysname-pkey-public-key]
public-key local create
Syntax
public-key local create { dsa | rsa }
View
System view
Default level
2: System level
Parameters
dsa: Specifies a DSA key pair.
rsa: Specifies an RSA key pair.
Description
Use public-key local create to create local key pairs. The created local key pairs are saved automatically,
and can survive a reboot.
When using this command to create DSA or RSA key pairs, you will be prompted to provide the length
of the key modulus. The modulus length is in the range 512 to 2048 bits, and defaults to 1024 bits. If the
type of key pair already exists, the system will ask you whether you want to overwrite it.
In FIPS mode, the DSA key modulus must be no less than 1024 bits, and the RSA key modulus must be
2048 bits.
The following matrix shows the feature and firewall compatibility:
Feature F1000-A-EI/S-EI
F1000-E
F5000 Firewall module
FIPS No No No Yes
Related commands: public-key local destroy and display public-key local public.
Examples
# Create local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++
++++++
++++++++
++++++++
# Create a local DSA key pair.