Public-Key Ecdsa - HP 5920 Command Reference Manual

• Use the pki import command to import a certificate containing a key pair.
A PKI domain can have key pairs using only one type of cryptographic algorithms (DSA, ECDSA, or RSA).
If DSA or ECDSA is used, a PKI domain can have only one key pair. If RSA is used, a PKI domain can
have two key pairs: one is the signing key pair, and the other is the encryption key pair. In a PKI domain,
key pairs for different purposes (RSA signing and RSA encryption) do not overwrite each other. For DSA
or ECDSA, the most recent configuration takes effect.
The specified length is effective on only a key pair to be generated. If the device already has a key pair
or a key pair is contained in an imported certificate, using this command to specify the key length for the
key pair does not take effect.
Examples
# Specify the DSA key pair abc with the key length 512 bits for certificate request.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] public-key dsa name abc length 512
Related commands
pki import
•
public-key local create (see Security Command Reference)
•

public-key ecdsa

Use public-key ecdsa to specify an ECDSA key pair for certificate request.
Use undo public-key to remove the configuration.
Syntax
public-key ecdsa name key-name
undo public-key
Default
No key pair is specified.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
name key-name: Specifies a key pair by its name, a case-insensitive string of 1 to 64 characters, which
can include only letters, digits, and hyphen (-).
Usage guidelines
You can specify a nonexistent key pair in this command. A key pair can be obtained in any of the
following ways:
219