Asymmetric key algorithm applications, Configuring the local asymmetric key pair, Creating an asymmetric key pair – H3C Technologies H3C S5120 Series Switches User Manual
Asymmetric Key Algorithm Applications
Asymmetric key algorithms can be used for encryption and digital signature:
- Encryption: The sender uses the public key of the intended receiver to encrypt the information to be sent. Only the intended receiver, the holder of the paired private key, can decrypt the information. This mechanism ensures confidentiality.
- Digital signature: The sender "signs" the information to be sent by encrypting the information with its own private key. A receiver decrypts the information with the sender's public key and, based on whether the information can be decrypted, determines the authenticity of the information.
Rivest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm (DSA) are both asymmetric key algorithms. RSA can be used for data encryption/decryption and signature, whereas DSA is used for signature only.
Because asymmetric key algorithms involve complex calculations and are time-consuming, symmetric key algorithms are often used to encrypt/decrypt data, while asymmetric key algorithms are usually used in digital signature applications for peer identity authentication. In digital signature applications, only the digests, which are relatively short, are encrypted.
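The signing flow described above (hash the message, then apply the private key to the digest only), as an added example that is not taken from the H3C manual or the switch software. It assumes textbook RSA with no padding scheme (real implementations add one, such as PKCS #1), SHA-256 as the digest, and a constructed toy key built from two known Mersenne primes; all function names are illustrative.

```python
import hashlib

# Constructed toy key: two known Mersenne primes give a 1128-bit modulus.
# Publicly known primes make this key trivially factorable; illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """Hash the message and interpret the 256-bit digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Apply the private key to the short digest, not to the whole message."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare it to a fresh hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


if __name__ == "__main__":
    small = b"peer identity: switch-A"      # constructed sample input
    large = b"A" * 1_000_000                # 1 MB constructed payload
    for msg in (small, large):
        sig = sign(msg)
        # The private-key operation always runs on 256 bits of digest, so its
        # cost does not grow with the message; only the hashing does.
        print(len(msg), sig.bit_length() <= N.bit_length(), verify(msg, sig))
    # Any change to the message changes the digest, so verification fails.
    print(verify(small + b"!", sign(small)))
```
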
Configuring the Local Asymmetric Key Pair
You can create and destroy a local asymmetric key pair, and export the host public key of a local
asymmetric key pair.
Creating an Asymmetric Key Pair
Follow these steps to create an asymmetric key pair:
To do…                                          Use the command…                        Remarks
Enter system view                               system-view                             —
Create a local DSA key pair, or RSA key pairs   public-key local create { dsa | rsa }   Required. By default, there is no such key pair.
- The public-key local create rsa command generates two key pairs: one server key pair and one host key pair. Each key pair comprises a public key and a private key. The length of an RSA key modulus ranges from 512 to 2048 bits. For security, a modulus of at least 768 bits is recommended.
- The public-key local create dsa command generates only one key pair, the host key pair. The length of a DSA key modulus ranges from 512 to 2048 bits. For security, a modulus of at least 768 bits is recommended.