Generating rsa key pair – Brocade Virtual ADX Global Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Global Server Load Balancing Guide

53-1003245-01

Secure GSLB


Generating RSA key pair

Before authentication can proceed, each ADX device that is secure GSLB enabled must generate a
static RSA public/private key pair for itself. The private key is used to prove the identity of the local
device. It never leaves the system. In comparison, the public key is sent to the remote peer. The
peer then uses that key to decrypt data.

The private key and public key complement each other.

Private(Public(A)) = A and
Public(Private(A)) = A

You can refer to either operation as encryption and the other decryption. Many engineers refer to
the public key operation as encryption, and call the private key operation decryption.
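
The inverse relationship above, and the use of the private key to prove identity, are shown in the following added example, which is not taken from the Brocade guide or the ADX software. It uses textbook RSA without padding and a 512-bit toy modulus; all function names are hypothetical, and the challenge/proof exchange is an assumed illustration rather than the secure GSLB protocol itself.

```python
# Added illustration, not ADX code: textbook RSA, no padding, toy modulus, hypothetical names.
import hashlib, secrets
from math import gcd

def is_probable_prime(n, rounds=24):
    # Miller-Rabin; n is assumed odd and larger than 3.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(c):
            return c

def generate_keypair(bits=512, e=65537):
    # Both halves come from the same primes, so they always agree.
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))  # (public, private)

def public_op(pub, a):       # Public(A)
    return pow(a, pub[1], pub[0])

def private_op(priv, a):     # Private(A)
    return pow(a, priv[1], priv[0])

def digest_int(challenge, n):
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

def prove_identity(priv, challenge):         # local device, private key stays local
    return private_op(priv, digest_int(challenge, priv[0]))

def check_identity(pub, challenge, proof):   # remote peer, holds only the public key
    return public_op(pub, proof) == digest_int(challenge, pub[0])
```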

Use the crypto key generate rsa command on both the controller and site ADX devices to generate
a random RSA public/private key pair. This key pair needs to be generated on each ADX device
involved in the secure GSLB communication. Since the keys on each box are generated together,
they are always in agreement.

Syntax: [no] crypto key generate rsa

Example

The following GSLB controller example assumes a minimum working GSLB configuration is already
set up (refer to “Minimum GSLB configuration” on page 59).

SLB-Ctrl-Virtual ADX(config)#ip dns domain-name example2.com
SLB-Ctrl-Virtual ADX(config)#crypto key generate rsa
Generating rsa keypair..................................................................done!
rsa public_key "10243516320480114350385337927420684604699847215100737339140179784
0463596710017038795521320990076735951547998548950700124427622983729636247496044
8810297880244822925958194700326493941745541854086588315530748050102379348032059
7889011743490357195498301864347794398342179943239191530516416905654211931607212
87517491 [email protected]"
rsa private_key "*************************"
Virtual ADX(config)#wr mem
.Write startup-config in progress.
..Write startup-config done.
Virtual ADX(config)#Saving SSH host keys process is ongoing. Please wait
.................................................................................
......Writing SSH host keys is done!
SLB-Ctrl-Virtual ADX(config)#^Z
SLB-Ctrl-Virtual ADX#reload

A write mem followed by a reload is required. Next, enter the crypto key generate rsa command on
the site ADX device and reload.

Notice the public key is cleartext whereas the private key is not.

NOTE

The crypto RSA component calls the same key functions as SSH. Similar to the SSH implementation,
the public and private keys for each ADX device are stored in its E2PROM. The private key cannot be
seen or displayed using any CLI commands or any other user interface. Not even an administrator
can gain access to the private key.
