432
Related commands
pki import
public-key local create
public-key ecdsa
Use
public-key ecdsa
to specify an ECDSA key pair for certificate request.
Use
undo public-key
to restore the default.
Syntax
In non-FIPS mode:
public-key ecdsa name
key-name
[
secp192r1
|
secp256r1
|
secp384r1
|
secp521r1
]
undo public-key
In FIPS mode:
public-key ecdsa name
key-name
[
secp256r1
|
secp384r1
|
secp521r1
]
undo public-key
Default
No key pair is specified for certificate request.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
name
key-name
: Specifies a key pair by its name, a case-insensitive string of 1 to 64 characters.
The key pair name can contain only letters, digits, and hyphens (-).
secp192r1
: Uses the secp192r1 curve to generate the key pair. The secp192r1 curve is used by
default in non-FIPS mode.
secp256r1
: Uses the secp256r1 curve to generate the key pair. The secp256r1 curve is used by
default in FIPS mode.
secp384r1
: Uses the secp384r1 curve to generate the key pair.
secp521r1
: Uses the secp521r1 curve to generate the key pair.
Usage guidelines
You can specify a nonexistent key pair for a PKI domain.
A key pair can be obtained in any of the following ways:
•
Use the
public-key local create
command to generate a key pair.
•
An application triggers the device to generate a key pair.
•
Use the
pki import
command to import a certificate containing a key pair.
A PKI domain can have key pairs using only one type of cryptographic algorithm (DSA, ECDSA, or
RSA).
If you configure an ECDSA key pair for a PKI domain multiple times, the most recent configuration
takes effect.