HP FlexNetwork MSR Series Command Reference Manual page 405
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
When you create an RSA or DSA key pair, enter an appropriate key modulus length at the prompt.
The longer the key modulus length, the higher the security, the longer the key generation time.
When you create an ECDSA key pair, choose the appropriate elliptic curve. The elliptic curve
determines the ECDSA key length. The longer the key length, the higher the security, the longer the
key generation time.
See
Table 46
If you do not assign the key pair a name, the system assigns the default name to the key pair and
marks the key pair as default. You can also assign the default name to another key pair, but the
system does not mark the key pair as default. The name of a key pair must be unique among all
manually named key pairs that use the same key algorithm. If a name conflict occurs, the system
asks whether you want to overwrite the existing key pair.
The key pairs are automatically saved and can survive system reboots.
Table 46 A comparison of different types of asymmetric key algorithms
Type
RSA
DSA
ECDSA
Examples
# Create local RSA key pairs with default names.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
...++++++
.++++++
..++++++++
....++++++++
for more information about key modulus lengths and key lengths.
Generated key pairs
•
In non-FIPS mode:
One host key pair, if you specify a key
pair name.
One server key pair and one host key
pair, if you do not specify a key pair
name.
Both key pairs use their default names.
•
In FIPS mode: One host key pair.
NOTE:
Only SSH 1.5 uses the RSA server key pair.
One host key pair.
One host key pair.
Modulus/key length
•
•
•
•
•
•
387
In non-FIPS mode: 512 to 2048 bits,
1024
bits
by
To ensure security, use a minimum
of 768 bits.
In FIPS mode: 2048 bits.
In non-FIPS mode: 512 to 2048 bits,
1024
bits
by
To ensure security, use a minimum
of 768 bits.
In FIPS mode: 2048 bits.
In non-FIPS mode: 192, 256, or 384
bits.
The default is 192 bits.
In FIPS mode: 256 or 384 bits.
The default is 256 bits.
default.
default.
Advertisement
