Asymmetric key algorithm applications, Configuring the local asymmetric key pair, Creating an asymmetric key pair – H3C Technologies H3C S7500E Series Switches User Manual
Page 197
 
11-2
is kept secret while the public key may be distributed widely, and the private key cannot be
practically derived from the public key.
Asymmetric Key Algorithm Applications
Asymmetric key algorithms can be used for encryption/decryption and digital signature:
z
Encryption: The sender uses the public key of the intended receiver to encrypt the
information to be sent. Only the intended receiver, the holder of the paired private key, can
decrypt the information. This mechanism ensures the confidentiality.
z
Digital signature: The sender "signs" the information to be sent by encrypting the
information with its own private key. A receiver decrypts the information with the sender's
public key and, based on whether the information can be decrypted, determines the
authenticity of the information.
Revest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm (DSA) are all
asymmetric key algorithms. RSA can be used for data encryption/decryption and signature,
whereas DSA is used for signature only.
Symmetric key algorithms are often used to encrypt/decrypt data for security. Asymmetric key
algorithms are usually used in digital signature applications for peer identity authentication
because they involve complex calculations and are time-consuming. In digital signature
applications, only the digests, which are relatively short, are encrypted.
Configuring the Local Asymmetric Key Pair
You can create and destroy a local asymmetric key pair, and export the host public key of a
local asymmetric key pair.
Creating an Asymmetric Key Pair
Follow these steps to create an asymmetric key pair:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create a local DSA key pair, or
RSA key pairs
public-key local create { dsa |
rsa }
Required
By default, there is no such key
pair.
z
The public-key local create rsa command generates two key pairs: one server key pair
and one host key pair. Each key pair comprises a public key and a private key. The length