Table of Contents
Advertisement
Chapter 19
Public Key Infrastructure
RSA Keys
Generate new key pair(s)
OL-4015-12
You must include an RSA public key in the enrollment request. Once the
certificate has been granted, the public key will be included in the certificate so
that peers can use it to encrypt data sent to the router. The private key is kept on
the router and used to decrypt the data sent by peers, and also used to digitally
sign transactions when negotiating with peers.
Click this button if you want to generate a new key to use in the certificate. When
you generate a key pair, you must specify the modulus to determine the size of the
key. This new key appears in the RSA Keys window when the wizard is
completed.
Modulus
Enter the key modulus value. If you want a modulus value between 512 and 1024
enter an integer value that is a multiple of 64. If you want a value higher than
1024, you can enter 1536 or 2048. If you enter a value greater than 512, key
generation may take a minute or longer.
The modulus determines the size of the key. The larger the modulus, the more
secure the key, but keys with large modulus take longer to generate, and
encryption/decryption operations take longer with larger keys.
Generate separate key pairs for encryption and signature
By default, Cisco SDM creates a general purpose key pair that is used for both
encryption and signature. If you want Cisco SDM to generate separate key pairs
for encrypting and signing documents, check this box. Cisco SDM will generate
usage keys for encryption and signature.
Use existing RSA key pair
Click this button if you want to use an existing key pair, and select the key from
the drop-down list.
Cisco Router and Security Device Manager 2.5 User's Guide
RSA Keys
19-7
Advertisement
Table of Contents
Troubleshooting
