Type      Default name
ECDSA     ecdsakey
Usage guidelines
The key algorithm must be the same as required by the security application.
When you create an RSA or DSA key pair, enter an appropriate key modulus length at the prompt.
The longer the key modulus length, the higher the security, and the longer the key generation time.
When you create an ECDSA key pair, choose the appropriate elliptic curve. The elliptic curve
determines the ECDSA key length. The longer the key length, the higher the security, and the longer
the key generation time.
for more information about key modulus lengths and key lengths.
If you do not assign the key pair a name, the system assigns the default name to the key pair and
marks the key pair as default. You can also assign the default name to another key pair, but the
system does not mark the key pair as default. The name of a key pair must be unique among all
manually named key pairs that use the same key algorithm. If a name conflict occurs, the system
asks whether you want to overwrite the existing key pair.
The key pairs are automatically saved and can survive system reboots.
Table 5 A comparison of different types of asymmetric key algorithms

Type: RSA
  Generated key pairs:
    • In non-FIPS mode:
      One host key pair, if you specify a key pair name.
      One server key pair and one host key pair, if you do not specify a key pair name.
      Both key pairs use their default names.
    • In FIPS mode: One host key pair.
    NOTE: Only SSH 1.5 uses the RSA server key pair.
  Modulus/key length (RSA key modulus length):
    • In non-FIPS mode: 512 to 4096 bits, 1024 bits by default.
      To ensure security, use a minimum of 768 bits.
    • In FIPS mode: A multiple of 256 bits in the range of 2048 to 4096 bits, 2048 bits by default.

Type: DSA
  Generated key pairs:
    One host key pair.
  Modulus/key length (DSA key modulus length):
    • In non-FIPS mode: 512 to 2048 bits, 1024 bits by default.
      To ensure security, use a minimum of 768 bits.
    • In FIPS mode: 2048 bits.

Type: ECDSA
  Generated key pairs:
    One host key pair.
  Modulus/key length (ECDSA key length):
    • In non-FIPS mode: 192, 256, 384, or 521 bits.
    • In FIPS mode: 256, 384, or 521 bits.
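The limits in Table 5 can be checked against a provisioning plan before any key pair is created on a device. The following Python is an added example, not code from this manual or from the device software; the function names, the result labels, and the plan format are assumptions made for illustration.

```python
# Limits transcribed from Table 5. Function names and the plan format are
# assumptions for this example, not part of the device software.
RECOMMENDED_MIN = 768  # non-FIPS RSA/DSA minimum that Table 5 recommends


def allowed(algorithm, bits, fips):
    """True if Table 5 lists this length as valid for the algorithm and mode."""
    if algorithm == "rsa":
        if fips:
            return 2048 <= bits <= 4096 and bits % 256 == 0
        return 512 <= bits <= 4096
    if algorithm == "dsa":
        return bits == 2048 if fips else 512 <= bits <= 2048
    if algorithm == "ecdsa":
        return bits in ((256, 384, 521) if fips else (192, 256, 384, 521))
    raise ValueError(f"unknown key algorithm: {algorithm!r}")


def review(algorithm, bits=None, fips=False):
    """Classify one planned key pair as 'ok', 'weak' or 'rejected'.

    bits=None models accepting the default modulus length (RSA and DSA only).
    """
    algorithm = algorithm.lower()
    if bits is None:
        if algorithm == "ecdsa":
            raise ValueError("Table 5 states no ECDSA default; choose a curve")
        bits = 2048 if fips else 1024  # defaults listed in Table 5
    if not allowed(algorithm, bits, fips):
        return "rejected"
    if algorithm in ("rsa", "dsa") and not fips and bits < RECOMMENDED_MIN:
        return "weak"  # accepted by the range, below the recommended minimum
    return "ok"


# Constructed sample plan: (algorithm, requested length, FIPS mode).
PLAN = [("rsa", 512, False), ("rsa", None, False), ("rsa", 3000, True),
        ("dsa", 1024, True), ("ecdsa", 192, True), ("ecdsa", 384, True)]


def review_plan(plan):
    """Return each plan entry with its classification appended."""
    return [(alg, bits, fips, review(alg, bits, fips)) for alg, bits, fips in plan]


if __name__ == "__main__":
    for row in review_plan(PLAN):
        print(row)
```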
Examples
# Create local RSA key pairs with default names.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key modulus is (512 ~ 4096).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.