Configuring the local asymmetric key pair, Creating an asymmetric key pair – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Digital signature—The sender "signs" the information to be sent by encrypting the information with its own private key. A receiver decrypts the information with the sender's public key and, based on whether the information can be decrypted, determines the authenticity of the information.

The Rivest-Shamir-Adleman Algorithm (RSA) is an asymmetric key algorithm, and can be used for data encryption/decryption and signature.

NOTE:

Symmetric key algorithms are often used to encrypt/decrypt data for security. Asymmetric key algorithms are usually used in digital signature applications for peer identity authentication because they involve complex calculations and are time-consuming. In digital signature applications, only the digests, which are relatively short, are encrypted.

Configuring the local asymmetric key pair

You can create and destroy a local asymmetric key pair, and export the host public key of a local
asymmetric key pair.

Creating an asymmetric key pair

Step                             Command                        Remarks
1. Enter system view.            system-view                    N/A
2. Create local RSA key pairs.   public-key local create rsa    By default, no key pair exists.

The public-key local create rsa command generates two key pairs: one server key pair and one host key pair. Each key pair comprises a public key and a private key.
After you enter the command, you are asked to specify the modulus length. The length of an RSA key modulus is in the range of 512 to 2048 bits. To achieve higher security, specify a modulus of at least 768 bits.

NOTE:

Key pairs created with the public-key local create rsa command are saved automatically and can survive
system reboots.

Displaying or exporting the local RSA host public key

Display the local RSA host public key on the screen or export it to a specific file. Then, you can configure the local RSA host public key on the peer device so that the peer can use the host public key to authenticate the local end through digital signature.
To display or export the local RSA host public key:

Step                             Command                        Remarks
1. Enter system view.            system-view                    N/A