R2511-HP MSR Router Series Security Command Reference(V5)

Table 44 Default local key pair names

| Type | Default name |
|------|--------------|
| RSA | Host key pair: hostkey; server key pair: serverkey |
| DSA | dsakey |

Usage guidelines
The key algorithm must be the same as that required by the security application.
The key modulus length must be appropriate (see Table 45). A longer key modulus length value means
higher security level and longer key generation time.
The name of a key pair must be unique among all manually named key pairs that use the same key
algorithm, but can be the same as a key pair that uses a different key algorithm. If a name conflict occurs,
the system asks whether you want to overwrite the existing key pair.
Local asymmetric key pairs created in FIPS mode cannot be used in non-FIPS mode, and vice versa. You
must re-create the local asymmetric key pairs after you switch between FIPS mode and non-FIPS mode.
The key pairs are automatically saved and can survive system reboots.
Table 45 A comparison of different types of asymmetric key pairs

| Type | Number of key pairs | Modulus length | HP recommendation |
|------|---------------------|----------------|-------------------|
| RSA | In non-FIPS mode: if you specify the key pair name, the command creates a host key pair; if you do not specify the key pair name, the command creates one server key pair and one host key pair, and both key pairs use their default names. In FIPS mode: if you do not specify a key pair name, the command creates a host key pair with the default name. | In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits. In FIPS mode: 2048 bits. | In non-FIPS mode, set the key modulus length to at least 768 bits. |
| DSA | The command creates only one host key pair. | In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits. In FIPS mode: At least 1024 bits. | In non-FIPS mode, set the key modulus length to at least 768 bits. |

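The limits in Table 45 can be checked against public keys collected from devices. The following is an added example, not part of the HP reference: it assumes the public key is available as a one-line OpenSSH-format string (an assumption, since this page does not describe an export format), and the function names `read_fields`, `modulus_bits`, `check` and `constructed_rsa_line` are hypothetical.

```python
import base64
import struct

# (min_bits, max_bits) per (algorithm, mode), copied from Table 45; None = no stated maximum.
LIMITS = {("rsa", "non-fips"): (512, 2048), ("rsa", "fips"): (2048, 2048),
          ("dsa", "non-fips"): (512, 2048), ("dsa", "fips"): (1024, None)}
RECOMMENDED_MIN = 768  # recommendation for non-FIPS mode (Table 45)

def read_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])  # struct.error if the prefix is truncated
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def modulus_bits(pubkey_line):
    """Return (algorithm, modulus bit length) for one OpenSSH-format public key line."""
    fields = read_fields(base64.b64decode(pubkey_line.split()[1]))
    kind = fields[0].decode()
    if kind == "ssh-rsa" and len(fields) == 3:   # type, e, n
        return "rsa", int.from_bytes(fields[2], "big").bit_length()
    if kind == "ssh-dss" and len(fields) == 5:   # type, p, q, g, y
        return "dsa", int.from_bytes(fields[1], "big").bit_length()
    raise ValueError("unsupported key type: " + kind)

def check(pubkey_line, mode):
    """Return findings for a key in 'fips' or 'non-fips' mode; an empty list means it passes."""
    alg, bits = modulus_bits(pubkey_line)
    low, high = LIMITS[(alg, mode)]
    findings = []
    if bits < low or (high is not None and bits > high):
        findings.append(f"{alg} {bits}-bit modulus is outside the {mode} range")
    if mode == "non-fips" and bits < RECOMMENDED_MIN:
        findings.append(f"{alg} {bits}-bit modulus is below the recommended {RECOMMENDED_MIN} bits")
    return findings

def constructed_rsa_line(bits):
    """Build a CONSTRUCTED ssh-rsa line whose dummy modulus has the given size (not a real key)."""
    def mpint(value):
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

Calling `check(constructed_rsa_line(512), "non-fips")` returns one finding: a 512-bit modulus is inside the permitted range but below the 768-bit recommendation.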
Examples
# Create local RSA key pairs with default names.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.