Creating a local asymmetric key pair

When you create an asymmetric key pair, follow these guidelines:

Table 13: A comparison of different types of asymmetric key algorithms

Type: RSA
Number of key pairs:
  • In non-FIPS mode: one server key pair and one host key pair.
  • In FIPS mode: one host key pair.
Modulus length:
  • In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits. Hewlett Packard Enterprise recommends using 768 bits or longer.
  • In FIPS mode: 2048 bits.

Type: DSA
Number of key pairs: One host key pair.
Modulus length:
  • In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits. Hewlett Packard Enterprise recommends using 768 bits or longer.
  • In FIPS mode: 1024 to 2048 bits and defaults to 1024 bits.

Type: ECDSA
Number of key pairs: One host key pair.
Modulus length:
  • 192 bits, when the secp192r1 curve is used to create the key pair. (Available in non-FIPS mode.)
  • 256 bits, when the secp256r1 curve is used to create the key pair.

To create a local asymmetric key pair:

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Create a local asymmetric key pair.
Command:
  • In non-FIPS mode: public-key local create { dsa | ecdsa { secp192r1 | secp256r1 } | rsa }
  • In FIPS mode: public-key local create { dsa | ecdsa secp256r1 | rsa }
Remarks: By default, no asymmetric key pair is created.
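
A pre-change check built from Table 13 and the command syntax above, as an added example (not Hewlett Packard Enterprise code). The function name check_key_plan and its mode and modulus parameters are hypothetical, and the FIPS-mode RSA default is assumed to be the single permitted length of 2048 bits.

```python
import re

# Limits transcribed from Table 13: (min_bits, max_bits, default_bits).
# Assumption: FIPS-mode RSA allows only 2048 bits, so that is used as its default.
MODULUS = {
    ("non-fips", "rsa"): (512, 2048, 1024),
    ("non-fips", "dsa"): (512, 2048, 1024),
    ("fips", "rsa"): (2048, 2048, 2048),
    ("fips", "dsa"): (1024, 2048, 1024),
}
CURVES = {"secp192r1": 192, "secp256r1": 256}
RECOMMENDED_MIN = 768  # recommendation stated for non-FIPS RSA and DSA

CMD = re.compile(r"^public-key local create (?:(rsa|dsa)|ecdsa (\S+))$")


def check_key_plan(mode, command, modulus=None):
    """Return (ok, effective_bits, messages) for one planned key creation.

    mode is "fips" or "non-fips"; modulus is the length the operator plans
    to use for RSA or DSA (None means the documented default applies).
    """
    m = CMD.match(" ".join(command.split()))  # collapse stray whitespace
    if mode not in ("fips", "non-fips") or not m:
        return False, None, ["unrecognized mode or command syntax"]
    algo, curve = m.group(1), m.group(2)
    if curve is not None:  # ECDSA: the curve fixes the key length
        if curve not in CURVES:
            return False, None, [f"unknown curve {curve}"]
        if mode == "fips" and curve == "secp192r1":
            return False, None, ["secp192r1 is available only in non-FIPS mode"]
        if modulus not in (None, CURVES[curve]):
            return False, None, [f"{curve} fixes the length at {CURVES[curve]} bits"]
        return True, CURVES[curve], []
    low, high, default = MODULUS[(mode, algo)]
    bits = default if modulus is None else modulus
    if not low <= bits <= high:
        return False, bits, [f"{algo} modulus must be {low} to {high} bits in {mode} mode"]
    notes = []
    if mode == "non-fips" and bits < RECOMMENDED_MIN:
        notes.append(f"{bits} bits is below the recommended {RECOMMENDED_MIN} bits")
    return True, bits, notes
```

A result with ok set to True and a non-empty message list means the plan is accepted by the documented ranges but falls short of the stated recommendation.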