HP 5120 SI Series

• In non-FIPS mode, the DSA and RSA key modulus lengths are in the range of 512 to 2048 bits, and
default to 1024 bits.
• In FIPS mode, the DSA key modulus length is in the range of 1024 to 2048 bits, and defaults to
1024 bits. The RSA key modulus length must be 2048 bits.
When you use the command to create DSA or RSA key pairs, you are prompted to provide the length
of the key modulus. To achieve higher security, specify a modulus length of at least 768 bits.
NOTE:
Key pairs created with the public-key local create command are saved automatically and can survive
system reboots.
Displaying or exporting the local RSA or DSA host public key
Display the local RSA or DSA host public key on the screen or export it to a specified file. You can then
configure the local RSA or DSA host public key on the remote end so that the remote end can use the host
public key to authenticate the local end through a digital signature.
Follow these steps to display or export the local RSA or DSA host public key:
To do…: Enter system view
Use the command…: system-view
Remarks: —

To do…: Display the local RSA host public key on the screen in a specified format, or export it to a specified file
Use the command…:
• In non-FIPS mode: public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
• In FIPS mode: public-key local export rsa { openssh | ssh2 } [ filename ]
Remarks: Select a command according to the type of the key to be exported.

To do…: Display the local DSA host public key on the screen in a specified format or export it to a specified file
Use the command…: public-key local export dsa { openssh | ssh2 } [ filename ]
Remarks: Select a command according to the type of the key to be exported.
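
An added example, not from the HP manual: a Python check that parses a host public key exported with the openssh keyword and tests its modulus length against the non-FIPS and FIPS ranges given above. It assumes the export is the standard one-line OpenSSH format (key type, base64 blob, comment); the function names and the sample key are constructed for illustration.

```python
import base64
import struct

# (min_bits, max_bits) per (key type, FIPS mode), from the ranges stated above.
LIMITS = {
    ("ssh-rsa", False): (512, 2048), ("ssh-dss", False): (512, 2048),
    ("ssh-rsa", True): (2048, 2048), ("ssh-dss", True): (1024, 2048),
}

def read_field(blob, off):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def modulus_bits(line):
    """Return (key_type, modulus bit length) for a one-line OpenSSH public key."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    name, off = read_field(blob, 0)
    key_type = name.decode("ascii", "replace")
    if key_type != parts[0] or key_type not in ("ssh-rsa", "ssh-dss"):
        raise ValueError("unsupported or mismatched key type")
    if key_type == "ssh-rsa":
        _exponent, off = read_field(blob, off)  # RSA blob: e, then modulus n
    modulus, _ = read_field(blob, off)          # DSA blob: prime p comes first
    return key_type, int.from_bytes(modulus, "big").bit_length()

def within_limits(line, fips):
    """True if the key's modulus length is in the range the manual gives."""
    key_type, bits = modulus_bits(line)
    low, high = LIMITS[(key_type, fips)]
    return low <= bits <= high

def sample_rsa_line(bits):
    """Constructed sample, not a real key: modulus is 2**(bits-1) + 1."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"
```

Keys exported in the ssh1 or ssh2 formats are laid out differently and are not handled by this parser.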
Destroying an asymmetric key pair
You may need to destroy an asymmetric key pair and generate a new pair when an intrusion event has
occurred, the storage media of the device is replaced, the asymmetric key has been used for a long time,
or the certificate from the Certificate Authority (CA) expires. To check the certificate status, use the display
pki certificate command. For more information about the CA and certificate, see the chapter "PKI
configuration."
Follow these steps to destroy an asymmetric key pair:
To do…: Enter system view
Use the command…: system-view
Remarks: —

To do…: Destroy an asymmetric key pair
Use the command…: public-key local destroy { dsa | rsa }
Remarks: Required