R2511-HP MSR Router Series Security Configuration Guide(V5)
271
Hardware FIPS mode
MSR20 Yes.
MSR30 Yes (except the MSR30-16).
MSR50 Yes.
MSR1000 Yes.
Configuration task list
Public key configuration tasks enable you to manage the local asymmetric key pairs and configure the
peer host public keys on the local device. By completing these tasks, the local device is ready to work
with applications such as SSH and SSL to implement data encryption/decryption, or digital signature.
Complete these tasks to configure public keys:
Task Remarks
Configuring a local
asymmetric key pair on the
local device
Creating a local asymmetric key pair
C
hoose one or more
tasks.
Displaying or exporting the local host public key
Destroying a local asymmetric key pair
Configuring the local RSA key pair for certificate
request
Exporting an RSA key pair
Importing an RSA key pair
Specifying the peer public key on the local device
Creating a local asymmetric key pair
When you create a local key pair, follow these guidelines:
• The key algorithm must be the same as that required by the security application.
• The key modulus length must be appropriate (see Table 16)
. The longer the key modulus length, the
higher the security, the longer the key generation time.
• The name of a key pair must be unique among all manually named key pairs that use the same key
algorithm, but can be the same as a key pair that uses a different key algorithm. If a name conflict
occurs, the system asks whether you want to overwrite the existing key pair.
• The key pairs are automatically saved and can survive system reboots.