HP 5120 SI Series

385 pages
Asymmetric key algorithm applications
Asymmetric key algorithms can be used for encryption and digital signature.
• Encryption—The sender uses the public key of the intended receiver to encrypt the information to be
sent. Only the intended receiver, the holder of the paired private key, can decrypt the information.
This mechanism ensures confidentiality.
• Digital signature—The sender "signs" the information to be sent by encrypting the information with
its own private key. A receiver decrypts the information with the sender's public key and, based on
whether the information can be decrypted, determines the authenticity of the information.
The Rivest-Shamir-Adleman Algorithm (RSA) and the Digital Signature Algorithm (DSA) are asymmetric
key algorithms. RSA can be used for data encryption/decryption and signature, whereas DSA is used for
signature only.
NOTE:
Symmetric key algorithms are often used to encrypt/decrypt data for security. Asymmetric key algorithms
are usually used in digital signature applications for peer identity authentication because they involve
complex calculations and are time-consuming. In digital signature applications, only the digests, which
are relatively short, are encrypted.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Configuring the local asymmetric key pair
You can create and destroy a local asymmetric key pair, and export the host public key of a local
asymmetric key pair.
Creating an asymmetric key pair
Follow these steps to create an asymmetric key pair:
To do…                                          Use the command…                         Remarks
Enter system view                               system-view                              —
Create a local DSA key pair, or RSA key pairs   public-key local create { dsa | rsa }    Required. By default, no key pair is created.
In non-FIPS mode, the public-key local create rsa command generates two key pairs: one server key pair
and one host key pair. Each key pair comprises a public key and a private key. In FIPS mode, the
public-key local create rsa command generates only one host key pair.
In both FIPS and non-FIPS mode, the public-key local create dsa command generates only one host key
pair.
The ranges and default values of DSA and RSA key modulus lengths differ in FIPS mode and non-FIPS
mode: