R0106-HP MSR Router Series Security Command Reference(V7)

If RSA is used, a PKI domain can have two key pairs: one is the signing key pair, and the other is
the encryption key pair.
In a PKI domain, key pairs for different purposes (RSA signing and RSA encryption) do not overwrite
each other.
For DSA, the most recent configuration takes effect.
The specified key length applies only to a key pair that is yet to be generated. If the device already has
the key pair, or the key pair is contained in an imported certificate, the key length specified with this
command does not take effect.
Examples
# Specify the DSA key pair abc with the key length 2048 bits for certificate request.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key dsa name abc length 2048
Related commands
pki import
public-key local create (see Security Command Reference)
public-key rsa
Use public-key rsa to specify an RSA key pair for certificate request.
Use undo public-key to remove the configuration.
Syntax
public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name
signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
undo public-key
Default
No key pair is specified.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
encryption: Specifies a key pair for encryption.
name encryption-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters,
which can include only letters, digits, and hyphens (-).
signature: Specifies a key pair for signing.
name signature-key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters,
which can include only letters, digits, and hyphens (-).
general: Specifies a key pair for both signing and encryption.
name key-name: Specifies a key pair name, a case-insensitive string of 1 to 64 characters, which can
include only letters, digits, and hyphens (-).
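The Python script below is an added example, not part of the HP command reference or the device software. It checks public-key rsa lines in a saved configuration against the syntax and name rules above. The function names parse_public_key_rsa and audit are hypothetical, the asterisk in the syntax is read as "encryption, signature, or both", and the key-length range is not checked because this section does not state it.

```python
import re

# Name rule from the Parameters section: 1 to 64 letters, digits, or hyphens.
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,64}")
ROLES = ("encryption", "signature", "general")

def parse_public_key_rsa(line):
    """Return {role: (name, length_or_None)}; raise ValueError on bad syntax."""
    tokens = line.split()
    if tokens[:2] != ["public-key", "rsa"]:
        raise ValueError("not a public-key rsa command")
    tokens, result, i = tokens[2:], {}, 0
    while i < len(tokens):
        role = tokens[i]
        if role not in ROLES or role in result:
            raise ValueError(f"unexpected or repeated keyword {role!r}")
        if tokens[i + 1:i + 2] != ["name"] or i + 2 >= len(tokens):
            raise ValueError(f"{role} must be followed by 'name <key-name>'")
        name = tokens[i + 2]
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"invalid key pair name {name!r}")
        i, length = i + 3, None
        if tokens[i:i + 1] == ["length"]:
            # Only the form is checked; the valid range is not given in this section.
            if not re.fullmatch(r"[0-9]+", "".join(tokens[i + 1:i + 2])):
                raise ValueError("length requires a numeric key-length")
            length = int(tokens[i + 1])
            i += 2
        result[role] = (name.lower(), length)  # names are case-insensitive
    if not result or ("general" in result and len(result) > 1):
        raise ValueError("use general alone, or encryption and/or signature")
    return result

def audit(config_text):
    """Return (line_number, message) for each malformed public-key rsa line."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.split()[:2] == ["public-key", "rsa"]:
            try:
                parse_public_key_rsa(line)
            except ValueError as exc:
                findings.append((n, str(exc)))
    return findings

# Constructed sample lines, not taken from a real device.
SAMPLE = (" public-key rsa general name abc length 2048\n"
          " public-key rsa general name k1 signature name k2\n"
          " public-key rsa signature name bad_name\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```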