Public-Key Local Create - H3C MSR Series Command Reference Manual

public-key local create

Use public-key local create to create local key pairs.
Syntax
In non-FIPS mode:
public-key local create { dsa | ecdsa [ secp192r1 | secp256r1 | secp384r1 ] | rsa } [ name
key-name ]
In FIPS mode:
public-key local create { dsa | ecdsa [ secp256r1 | secp384r1 ] | rsa } [ name key-name ]
Default
No local key pairs exist.
Views
System view
Predefined user roles
network-admin
Parameters
dsa: Specifies the DSA key pair type.
ecdsa: Specifies the ECDSA key pair type.
•
secp192r1: Uses the secp192r1 curve to create a 192-bit ECDSA key pair. The secp192r1
curve is used by default in non-FIPS mode.
•
secp256r1: Uses the secp256r1 curve to create a 256-bit ECDSA key pair. The secp256r1
curve is used by default in FIPS mode.
•
secp384r1: Uses the secp384r1 curve to create a 384-bit ECDSA key pair.
rsa: Specifies the RSA key pair type.
name key-name: Assigns a name to the key pair. The key-name argument is a case-insensitive
string of 1 to 64 characters. Valid characters are letters, digits, and hyphens (-). If you do not assign
a name to the key pair, the key pair takes the default name.
Table 55 Default local key pair names
Type
RSA
DSA
ECDSA
Usage guidelines
The key algorithm must be the same as required by the security application.
When you create an RSA or DSA key pair, enter an appropriate key modulus length at the prompt.
The longer the key modulus length, the higher the security, the longer the key generation time.
When you create an ECDSA key pair, choose the appropriate elliptic curve. The elliptic curve
determines the ECDSA key length. The longer the key length, the higher the security, the longer the
key generation time.
See Table 56 for more information about key modulus lengths and key lengths.
Default name
•
Host key pair: hostkey
•
Server key pair: serverkey
dsakey
ecdsakey
439