The rsa local-key-pair create command generates the local RSA host and server key pairs.
By default, the local RSA host and server key pairs are not configured.
Usage Scenario
To implement secure data exchange between the server and client, run the rsa local-key-pair create command to generate a local key pair.
Precautions
If an RSA key pair already exists, the system prompts you to confirm whether to replace the original key pair. The keys in the new key pair are named device name_Server and device name_Host, for example, HUAWEI_Host and HUAWEI_Server. The local RSA private key is encrypted using AES256 and then saved to the hostkey and serverkey files in the system NOR FLASH.
After you run this command, the system prompts you to enter the number of bits in the host key. The sizes of the server and host key pairs must differ by at least 128 bits. The server and host key pairs must each be 2048 to 4096 bits long.
After you run this command, the generated key pair is saved in the device and will not be lost after the device restarts.
To improve the security of the device, a key pair of 4096 bits is recommended.
This command is not saved in a configuration file.
# Generate the local RSA host and server key pairs.
<HUAWEI> system-view
[HUAWEI] rsa local-key-pair create
The key name will be: HUAWEI_Host
The range of public key size is (2048 ~ 4096).
NOTES: If the key modulus is greater than 512, it will take a few minutes.
Input the bits in the modulus[default = 2048]:
Generating keys...
......................++++++++
........................................................++++++++
........+++++++++
.....+++++++++
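
The size rules in the Precautions can be checked offline from exported public keys. The following Python code is an added example, not Huawei code: it assumes the host and server public keys are available as OpenSSH-style `ssh-rsa` lines (RFC 4253 encoding), and all function names and the dummy sample keys are constructed for illustration.

```python
import base64
import struct

MIN_BITS, MAX_BITS, MIN_DIFF, RECOMMENDED = 2048, 4096, 128, 4096  # limits stated on the page

def _read_field(blob, off):
    """Read one length-prefixed field (RFC 4253 'string'); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Return the modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    alg, off = _read_field(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("key type mismatch inside blob")
    _e, off = _read_field(blob, off)   # public exponent, not needed here
    n, off = _read_field(blob, off)    # modulus, big-endian, may carry a leading 0x00
    return int.from_bytes(n, "big").bit_length()

def audit_pair(host_line, server_line):
    """Check a host/server key pair against the limits stated on the page."""
    host, server = rsa_modulus_bits(host_line), rsa_modulus_bits(server_line)
    findings = []
    for name, bits in (("host", host), ("server", server)):
        if not MIN_BITS <= bits <= MAX_BITS:
            findings.append(f"{name} key is {bits} bits, outside {MIN_BITS}-{MAX_BITS}")
    if abs(host - server) < MIN_DIFF:
        findings.append(f"host/server sizes differ by less than {MIN_DIFF} bits")
    # The 128-bit difference rule means only one key of the pair can be 4096 bits.
    if max(host, server) < RECOMMENDED:
        findings.append(f"neither key reaches the recommended {RECOMMENDED} bits")
    return findings

def make_sample_line(bits, e=65537):
    """Constructed sample: encodes a dummy modulus of the given size (not a usable key)."""
    def mpint(x):
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

An empty list from `audit_pair` means the pair satisfies every size rule listed above.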