1-2
z
Encryption/decryption: The information encrypted with a receiver's public key can be decrypted by
the receiver possessing the corresponding private key. This is used to ensure confidentiality.
z
Digital signature: The information encrypted with a sender's private key can be decrypted by
anyone who has access to the sender's public key, thereby proving that the information is from the
sender and has not been tampered with. For example, user 1 adds a signature to the data using the
private key, and then sends the data to user 2. User 2 verifies the signature using the public key of
user 1. If the signature is correct, the data is considered from user 1.
Revest-Shamir-Adleman Algorithm (RSA), and Digital Signature Algorithm (DSA) are all asymmetric
key algorithms. RSA can be used for data encryption/decryption and signature, whereas DSA are used
for signature only.
Asymmetric key algorithms are usually used in digital signature applications for peer identity
authentication because they involve complex calculations and are time-consuming; symmetric key
algorithms are often used to encrypt/decrypt data for security.
Configuring the Local Asymmetric Key Pair
You can create and destroy a local asymmetric key pair, and export the host public key of a local
asymmetric key pair.
Creating an Asymmetric Key Pair
Follow these steps to create an asymmetric key pair:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a local DSA , or
RSA key pairs
public-key local create
{
dsa
|
rsa
}
Required
By default, there is no such key pair.