Creating A Local Key Pair; Configuration Guidelines; Configuration Procedure - HP FlexFabric 5700 Series Security Configuration Manual

Creating a local key pair

Configuration guidelines

When you create a local key pair, follow these guidelines:
The key algorithm must be the same as required by the security application.
•
Enter an appropriate key modulus length at prompt (see 0). The longer the key modulus length, the
•
higher the security, the longer the key generation time.
• If you do not assign the key pair a name, the system assigns the default name to the key pair and
marks the key pair as default. You can also assign the default name to another key pair, but the
system does not mark the key pair as default. The name of a key pair must be unique among all
manually named key pairs that use the same key algorithm. If a name conflict occurs, the system
asks whether you want to overwrite the existing key pair.
The key pairs are automatically saved and can survive system reboots.
•
Table 17 A comparison of different types of asymmetric key pairs
Type
RSA
DSA
ECDSA

Configuration procedure

To create a local key pair:
Number of key pairs
•
In non-FIPS mode:
One host key pair, if you specify a key
pair name.
One server key pair and one host key
pair, if you do not specify a key pair
name.
Both key pairs use their default names.
•
In FIPS mode: one host key pair.
NOTE:
Only SSH 1.5 uses the RSA server key pair.
One host key pair.
One host key pair.
Modulus length
•
In non-FIPS mode: 512 to 2048 bits and
defaults to 1024 bits.
HP recommends using 768 bits or longer.
•
In FIPS mode: 2048 bits.
•
In non-FIPS mode: 512 to 2048 bits and
defaults to 1024 bits.
HP recommends using 768 bits or longer.
•
In FIPS mode: 2048 bits.
•
192 bits, when the secp192r1 curve is
used to create the key pair.
•
256 bits, when the secp256r1 curve is
used to create the key pair.
207