Asymmetric key algorithm applications, Configuring the local asymmetric key pair, Creating an asymmetric key pair – H3C Technologies H3C S5120 Series Switches User Manual

Asymmetric Key Algorithm Applications

Asymmetric key algorithms can be used for encryption and digital signature:

• Encryption: The sender uses the public key of the intended receiver to encrypt the information to be sent. Only the intended receiver, the holder of the paired private key, can decrypt the information. This mechanism ensures confidentiality.

• Digital signature: The sender "signs" the information to be sent by encrypting the information with its own private key. A receiver decrypts the information with the sender's public key and, based on whether the information can be decrypted, determines the authenticity of the information.

The Rivest-Shamir-Adleman Algorithm (RSA) and the Digital Signature Algorithm (DSA) are both asymmetric key algorithms. RSA can be used for data encryption/decryption and signature, whereas DSA is used for signature only.

Symmetric key algorithms are often used to encrypt/decrypt data for security. Asymmetric key algorithms are usually used in digital signature applications for peer identity authentication because they involve complex calculations and are time-consuming. In digital signature applications, only the digests, which are relatively short, are encrypted.

Configuring the Local Asymmetric Key Pair

You can create and destroy a local asymmetric key pair, and export the host public key of a local asymmetric key pair.

Creating an Asymmetric Key Pair

Follow these steps to create an asymmetric key pair:

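To do…                                          Use the command…                        Remarks
----------------------------------------------  --------------------------------------  ------------------------------------------------
Enter system view                               system-view
Create a local DSA key pair, or RSA key pairs   public-key local create { dsa | rsa }   Required. By default, there is no such key pair.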

• The public-key local create rsa command generates two key pairs: one server key pair and one host key pair. Each key pair comprises a public key and a private key. The length of an RSA key modulus ranges from 512 to 2048 bits. For security, a modulus of at least 768 bits is recommended.

• The public-key local create dsa command generates only one key pair, the host key pair. The length of a DSA key modulus ranges from 512 to 2048 bits. For security, a modulus of at least 768 bits is recommended.
