Allied Telesis AT-S63 User Manual

Chapter 39: Encryption Key Commands

Section IX: Management Security

Syntax 1 Examples

This example creates a key with the ID of 12 and a length of 512 bits:

create enco key=12 type=rsa length=512

This example creates a key with the ID of 4, a length of 1024 bits, and a
description of “Switch12a encryption key”:

create enco key=4 type=rsa length=1024 description="Switch12a encryption key"
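
An added example (not from the AT-S63 manual): a Python audit of CREATE ENCO KEY commands in a saved configuration, re-joining any command that wraps a parameter onto a second line and checking the KEY range this page gives. Assumptions: the 2048-bit floor is a local policy choice rather than a value from the manual, treating a repeated key ID as a finding extends the page's import rule to key creation, and the last two sample lines are constructed.

```python
import shlex

KEY_ID_MAX = 65535    # KEY range stated on this page: 0 to 65,535
MIN_RSA_BITS = 2048   # assumption: local policy floor, not a value from the manual

def join_wrapped(text):
    """Re-join commands wrapped so a parameter (e.g. description=) starts a line."""
    cmds = []
    for raw in filter(None, map(str.strip, text.splitlines())):
        if cmds and "=" in raw.split(None, 1)[0]:
            cmds[-1] += " " + raw      # continuation: line begins with name=value
        else:
            cmds.append(raw)
    return cmds

def audit(text, min_bits=MIN_RSA_BITS):
    """Return sorted (key_id, finding) pairs for each CREATE ENCO KEY command."""
    findings, seen = [], set()
    for cmd in join_wrapped(text):
        tokens = shlex.split(cmd)      # keeps a quoted description as one token
        if [t.lower() for t in tokens[:2]] != ["create", "enco"]:
            continue
        p = {k.lower(): v for k, _, v in (t.partition("=") for t in tokens[2:])}
        key_id = p.get("key", "")
        if not key_id.isdecimal() or int(key_id) > KEY_ID_MAX:
            findings.append((key_id, "key ID outside 0-65535"))
        elif key_id in seen:
            findings.append((key_id, "key ID already used"))
        seen.add(key_id)
        if p.get("type", "").lower() != "rsa":
            findings.append((key_id, "type is not rsa"))
        length = p.get("length", "")
        if not length.isdecimal() or int(length) < min_bits:
            findings.append((key_id, f"length {length or 'missing'} below {min_bits}"))
    return sorted(findings)

# The first two commands are the page's examples; the last two are constructed.
SAMPLE = '''
create enco key=12 type=rsa length=512
create enco key=4 type=rsa length=1024
description="Switch12a encryption key"
create enco key=4 type=rsa length=2048
create enco key=70000 type=rsa length=2048
'''

if __name__ == "__main__":
    for key_id, finding in audit(SAMPLE):
        print(f"key {key_id}: {finding}")
```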

Syntax 2 Description

Syntax 2 is used to import and export public encryption keys. You can
import a public key from the AT-S63 file system to the key database or
vice versa.

The only circumstance in which you are likely to use this command is if
you are using an SSH client that does not download the key automatically
when you start an SSH management session. In that situation, you can
use this procedure to export the SSH client key from the key database into
the AT-S63 file system, from where you can upload it onto the SSH
management session for incorporation in your SSH client software.

You should not use this command to export an SSL public key. Typically,
an SSL public key only has value when incorporated into a certificate or
enrollment request.

The KEY parameter specifies the identification number for the key. The
range is 0 to 65,535. To import a public key from the file system to the key
database, the key ID must be unused; it cannot already be assigned to
another key pair. Importing a public key to the database assumes that you
have already stored the public key in the file system.

If you are exporting a public key from the key database to the file system,
the KEY parameter should specify the ID of the key that you want to
export. Only the public key of a key pair is exported to the file system. You
cannot export a private key.

The TYPE parameter specifies the type of key to be imported or exported.
The only option is RSA.

The FILE parameter specifies the filename of the encryption key. The
filename must include the “.key” extension. If you are exporting a key from
the key database to the file system, the filename must not match that of
any other file in the file system. If you are importing a key, the filename
should specify the name of the file in the file system that contains the key
you want to import into the key database.

The DESCRIPTION parameter specifies a user-defined description for the