Creating a local key pair

When you create a local key pair, follow these guidelines:

Table 19: A comparison of different types of asymmetric key algorithms

RSA

  Generated key pairs:

    • In non-FIPS mode:

      • One host key pair, if you specify a key pair name.

      • One server key pair and one host key pair, if you do not specify a key pair name.
        Both key pairs use their default names.

    • In FIPS mode: One host key pair.

    NOTE:

  Modulus/key length:

    • In non-FIPS mode: 512 to 2048 bits, 1024 bits by default. To ensure security, use a minimum of 768 bits.

    • In FIPS mode: 2048 bits.

DSA

  Generated key pairs:

    One host key pair.

  Modulus/key length:

    • In non-FIPS mode: 512 to 2048 bits, 1024 bits. To ensure security, use a minimum of 768 bits.

    • In FIPS mode: 2048 bits.

ECDSA

  Generated key pairs:

    One host key pair.

  Modulus/key length:

    • In non-FIPS mode: 192, 256, 384, or 521 bits.

    • In FIPS mode: 256, 384, or 521 bits.

To create a local key pair:

1. Enter system view.

  Command: system-view

  Remarks: N/A

2. Create a local key pair.

  Command:

    • In non-FIPS mode: public-key local create { dsa | ecdsa [ secp192r1 | secp256r1 | secp384r1 | secp521r1 ] | rsa } [ name key-name ]

    • In FIPS mode: public-key local create { dsa | ecdsa [ secp256r1 | secp384r1 | secp521r1 ] | rsa } [ name key-name ]

  Remarks: By default, no local key pairs exist.
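The following Python check is an added example, not part of the vendor documentation: it parses one public-key local create line against the syntax above and reports where it conflicts with Table 19 for the given mode. The function name check_create and its modulus argument are assumptions, since the documented syntax has no keyword for the RSA/DSA length, and the sample lines are constructed.

```python
import re

# Limits transcribed from Table 19 and the command syntax on this page.
MODULUS_BITS = {"non-fips": (512, 2048), "fips": (2048, 2048)}  # RSA and DSA
ECDSA_CURVES = {
    "non-fips": {"secp192r1", "secp256r1", "secp384r1", "secp521r1"},
    "fips": {"secp256r1", "secp384r1", "secp521r1"},
}
CMD = re.compile(
    r"public-key\s+local\s+create\s+(?P<alg>dsa|ecdsa|rsa)"
    r"(?:\s+(?P<curve>secp\w+))?(?:\s+name\s+(?P<name>\S+))?"
)

def check_create(command, mode, modulus=None):
    """Return findings for one 'public-key local create' line.

    mode is 'fips' or 'non-fips'. modulus (bits) is an assumed extra input:
    the documented syntax has no keyword for the RSA/DSA length.
    """
    m = CMD.fullmatch(command.strip())
    if m is None:
        return ["syntax: not a documented form of the command"]
    alg, curve, name = m["alg"], m["curve"], m["name"]
    findings = []
    if alg == "ecdsa":
        if curve and curve not in ECDSA_CURVES[mode]:
            findings.append(f"{curve} is not offered in {mode} mode")
    else:
        if curve:
            findings.append(f"syntax: {curve} is only valid after ecdsa")
        low, high = MODULUS_BITS[mode]
        if modulus is not None and not low <= modulus <= high:
            findings.append(f"{modulus} bits is outside {low}-{high} for {mode} mode")
        elif modulus is not None and modulus < 768:
            findings.append(f"{modulus} bits is below the 768-bit minimum")
    if alg == "rsa" and mode == "non-fips" and not name:
        findings.append("unnamed rsa also creates a server key pair")
    return findings

if __name__ == "__main__":
    # Constructed sample lines, not taken from a real device configuration.
    samples = [
        ("public-key local create ecdsa secp192r1", "fips", None),
        ("public-key local create rsa name hostkey1", "non-fips", 512),
        ("public-key local create rsa", "non-fips", 2048),
    ]
    for cmd, mode, bits in samples:
        print(mode, "|", cmd, "->", check_create(cmd, mode, bits) or "ok")
```

An ECDSA line with no curve keyword is not checked against the curve lists, because the page does not state which curve the device uses by default.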