Asymmetric Key Algorithm Applications; Configuring The Local Asymmetric Key Pair; Creating An Asymmetric Key Pair - H3C S9500E Series Security Configuration Manual


Asymmetric key algorithm applications

Asymmetric key algorithms can be used for encryption and digital signature:
• Encryption: The sender uses the public key of the intended receiver to encrypt the information to be sent. Only the intended receiver, the holder of the paired private key, can decrypt the information. This mechanism ensures confidentiality.
• Digital signature: The sender "signs" the information to be sent by encrypting the information with its own private key. A receiver decrypts the information with the sender's public key and, based on whether the information can be decrypted, determines the authenticity of the information.
The Rivest-Shamir-Adleman Algorithm (RSA), Digital Signature Algorithm (DSA), and Elliptic Curve Digital Signature Algorithm (ECDSA) are all asymmetric key algorithms. RSA can be used for data encryption and signature, whereas DSA and ECDSA are used for signature only.
Symmetric key algorithms are often used to encrypt and decrypt data for security. Because asymmetric key algorithms involve complex calculations and are time-consuming, they are usually used in digital signature applications for peer identity authentication. In digital signature applications, only the digests, which are relatively short, are encrypted.

Configuring the local asymmetric key pair

You can create and destroy a local asymmetric key pair, and export the host public key of a local
asymmetric key pair.

Creating an asymmetric key pair

Follow these steps to create an asymmetric key pair:
1. To do: Enter system view
   Use the command: system-view
2. To do: Create a local DSA key pair, or RSA key pairs
   Use the command: public-key local create { dsa | rsa }
   Remarks: Required. By default, there is no such key pair.

• The configuration of the public-key local create command can survive a reboot.
• The public-key local create rsa command generates two key pairs: one server key pair and one host key pair. Each key pair consists of a public key and a private key.
• The length of an RSA key modulus is in the range 512 to 2048 bits. After entering the public-key local create rsa command, you will be required to specify the modulus length. For security, a modulus of at least 768 bits is recommended.
• The public-key local create dsa command generates only one key pair, that is, the host key pair.
