HP MSR2000/3000/4000 Router Series Security Command Reference

Use undo public-key to remove the configuration.
Syntax
public-key dsa name key-name [ length key-length ]
undo public-key
Default
No key pair is specified.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
name key-name: Specifies a key pair by its name, a case-insensitive string of 1 to 64 characters, which
can include only letters, digits, and hyphen (-).
length key-length: Specifies the key length, in bits. In non-FIPS mode, the key length is in the range of 512
to 2048 and defaults to 1024. In FIPS mode, the key length is fixed to 2048. A longer key means higher
security but more public key calculation time.
Usage guidelines
You can specify a nonexistent key pair in this command. A key pair can be obtained in any of the
following ways:
Use the public-key local create command to generate a key pair.
An application, such as IKE using digital signature authentication, triggers the generation of a key pair.
Use the pki import command to import a certificate containing a key pair.
A PKI domain can have key pairs using only one type of cryptographic algorithm (DSA or RSA). If DSA
is used, a PKI domain can have only one key pair. If RSA is used, a PKI domain can have two key pairs:
one is the signing key pair, and the other is the encryption key pair. In a PKI domain, key pairs for
different purposes (RSA signing and RSA encryption) do not overwrite each other. For DSA, the most
recent configuration takes effect.
The specified length takes effect only for a key pair that is yet to be generated. If the device already has
the key pair, or the key pair is contained in an imported certificate, specifying the key length with this
command has no effect on that key pair.
Examples
# Specify the DSA key pair abc with the key length 2048 bits for certificate request.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key dsa name abc length 2048
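Added example, not part of the HP reference: a Python audit that applies the rules above (key name syntax, the 512 to 2048 range, the 1024-bit default, and the most recent DSA configuration taking effect) to a constructed configuration excerpt. The "#" view separator, the sample domains, and the 2048-bit policy threshold are assumptions; because a configured length applies only to key pairs not yet generated, the result describes the configuration, not keys already on the device.

```python
import re

# Limits from the parameter description above.
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,64}")
CMD_RE = re.compile(r"public-key dsa name (\S+)(?: length (\d+))?")
DEFAULT_LEN, MIN_LEN, MAX_LEN = 1024, 512, 2048
REQUIRED_LEN = 2048  # assumption: audit policy matches the FIPS-mode length

def audit_dsa_keys(config_text, required=REQUIRED_LEN):
    """Return {pki_domain: (key_name, configured_length, findings)}."""
    result, domain = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("pki domain "):
            domain = line.split()[2]
        elif line in ("#", "quit"):
            domain = None                      # left PKI domain view
        elif domain and line == "undo public-key":
            result.pop(domain, None)           # configuration removed
        elif domain and (m := CMD_RE.fullmatch(line)):
            name = m.group(1).lower()          # key names are case-insensitive
            length = int(m.group(2)) if m.group(2) else DEFAULT_LEN
            findings = []
            if not NAME_RE.fullmatch(name):
                findings.append("invalid key name")
            if not MIN_LEN <= length <= MAX_LEN:
                findings.append(f"length {length} outside {MIN_LEN}-{MAX_LEN}")
            elif length < required:
                findings.append(f"length {length} below required {required}")
            # For DSA the most recent configuration takes effect: overwrite.
            result[domain] = (name, length, findings)
    return result

# Constructed sample input (not taken from a real device).
SAMPLE = """\
pki domain aaa
 public-key dsa name abc length 2048
#
pki domain branch
 public-key dsa name Old-Key length 768
 public-key dsa name Branch-Key
#
pki domain lab
 public-key dsa name bad_name length 4096
#
"""

if __name__ == "__main__":
    for dom, (name, length, findings) in audit_dsa_keys(SAMPLE).items():
        print(dom, name, length, findings or "ok")
```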
Related commands
pki import
public-key local create (see Security Command Reference)