The pki export rsa-key-pair command exports the RSA key pair to the flash and allows the export of the associated certificate.
pki export rsa-key-pair key-name [ and-certificate certificate-name ] { pem file-name [ 3des | aes | des ] | pkcs12 file-name } password password
Parameter |
Description |
Value |
|---|---|---|
key-name |
Specifies the name of the RSA key pair on the device. |
The value must be an existing RSA key pair name. |
and-certificate certificate-name |
Indicates that the certificate related to the RSA key pair are exported. |
The value must be an existing certificate file name. |
pem file-name |
Indicates that the RSA key pair to be exported is in the PEM format and specifies the name of the file to be exported. |
The value is a string of 1 to 64 case-insensitive characters without spaces and question marks (?). When the value contains a directory, it is a string of 1 to 127 characters, for example, flash:/8ab3/ab3.pem. |
pkcs12 file-name |
Indicates that the RSA key pair to be exported is in the PKCS12 format and specifies the file name to be exported. |
The value is a string of 1 to 64 case-insensitive characters without spaces and question marks (?). When the value contains a directory, it is a string of 1 to 127 characters, for example, flash:/8ab3/ab3.pem. |
3des | aes | des |
Sets the encryption algorithm to DES, 3DES or AES if a file is exported in the PEM format. The default value is AES. NOTE:
DES and 3DES are less secure than AES and are not recommended. |
- |
password password |
Specifies the encryption password for the RSA key pair file. This password is used when you import an RSA key pair file. |
The value is a string of 6 to 32 case-sensitive characters without question marks (?). To enhance security, a password must contain at least two types of the following characters: uppercase letters, lowercase letters, numerals, and special characters, such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent (%). |
Usage Scenario
To transfer or back up an RSA key pair, run this command to generate the PEM or PKCS12 file carrying this RSA key pair (which may include the certificate) in the flash.
Before using this command, run the display pki rsa local-key-pair command to view information about the RSA key pairs on the device.
Prerequisites
The RSA key pair has been created and configured to be exportable using the pki rsa local-key-pair create command or the RSA key pair has been imported to the memory using the pki import rsa-key-pair command.
Precautions
The RSA key pair is sensitive information. Delete and destroy the exported RSA key pair on the device or storage device immediately after you do not need it.
# Export the RSA key pair key1 to the file aaa.pem and set the encryption method to AES.
<HUAWEI> system-view [HUAWEI] pki rsa local-key-pair create key1 exportable Info: The name of the new key-pair will be: key1 The size of the public key ranges from 512 to 4096. Input the bits in the modules:2048 Generating key-pairs... ......+++ ....................+++ [HUAWEI] pki export rsa-key-pair key1 pem aaa.pem aes password Admin@1234 Warning: Exporting the key pair impose security risks, are you sure you want to export it? [y/n]:y Info: Succeeded in exporting the RSA key pair in PEM format.