Generate the RSA Keys

By default, RSA key pairs do not exist on the Cisco router. You need to add the optional command usage-keys to the command to generate an encryption key pair and an authentication key pair. The command for generating RSA key pairs is crypto key generate rsa usage-keys . This command generates a key pair (one public and one private key). When generating RSA keys, you must select a "modulus length." RSA keys can be generated in four lengths: 360 bits, 512 bits, 1024 bits, and 2048 bits. The longer the modulus length, the more secure the key, and the more time required to generate the key. Cisco recommends a minimum modulus length of 1024 bits. This is a simple process for generating RSA keys. Example 19-12 depicts the generation of RSA keys for with a modulus length of 1024 bits. Notice that the router tells you that it will take longer to generate keys with a longer key length.

0 0

Post a comment