Destroying an asymmetric key pair – H3C Technologies H3C S7500E Series Switches User Manual

11-3

of an RSA key modulus ranges from 512 to 2048 bits. For security, a modulus of at least

768 bits is recommended.

z

The public-key local create dsa command generates only one key pair, the host key pair.

The length of a DSA key modulus ranges from 512 to 2048 bits. For security, a modulus of

at least 768 bits is recommended.

Key pairs created with the public-key local create command are saved automatically and can

survive system reboots.

Displaying or Exporting the Local RSA or DSA Host Public Key

Display the local RSA or DSA host public key on the screen or export it to a specified file. Then,

you can configure the local RSA or DSA host public key on the remote end so that the remote

end can use the host public key to authentication the local end through digital signature.

Follow these steps to display or export the local RSA or DSA host public key:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Display the local RSA host

public key on the screen in a

specified format, or export it to a

specified file

public-key local export rsa

{ openssh | ssh1 | ssh2 }

[ filename ]

Display the local DSA host

public key on the screen in a

specified format or export it to a

specified file

public-key local export dsa

{ openssh | ssh2 } [ filename ]

Select a command according to

the type of the key to be

exported.

Destroying an Asymmetric Key Pair

An asymmetric key pair may expire or leak. In this case, destroy it and generate a new pair.

Follow these steps to destroy an asymmetric key pair:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Destroy an asymmetric key pair

public-key local destroy { dsa

| rsa }

Required