From: Ajay mehra (ajaymehra01@gmail.com)
Date: Sun Sep 21 2008 - 02:05:10 ART
Hi,
I am rephrasing the question if it did not make sense earlier.
For the command
crypto key generate rsa general-keys modulus 512
when I use IOS 12.2(15)T17, which is also used in the CCIE lab, two keys are
generated: one is exportable and one is not exportable. But when I use
12.3/12.4, both keys are not exportable.
What effect could this have while using rsa-sig? I do not have access to my
CA server to verify this.
Thanks,
Ajay
2008/9/19 Ajay mehra <ajaymehra01@gmail.com>
> Hi Guys,
>
> A small doubt; please help me get rid of it.
>
> The following command generates two keys, and both of them are not exportable.
> While I was going through the IE AT class, according to them the same command
> generates one key pair, out of which one is exportable and one is not exportable.
> Rack1R3(config)#crypto key generate rsa
>
> The name for the keys will be: Rack1R3.cisco.com
> Choose the size of the key modulus in the range of 360 to 2048 for your
> General Purpose Keys. Choosing a key modulus greater than 512 may take
> a few minutes.
> How many bits in the modulus [512]:
> % Generating 512 bit RSA keys, keys will be non-exportable...[OK]
>
>
>
> Rack1R3#sh crypto key mypubkey rsa
> % Key pair was generated at: 16:57:13 UTC Sep 19 2008
> Key name: Rack1R3.cisco.com
> Usage: General Purpose Key
> **************** Key is not exportable.**************
> Key Data:
> 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B01C83 F2341517
> 4D0475D4 CDBD41FF 82DDAEA7 FAEC1982 4A2308AF 4ECE5174 CEFC9684 5587E321
> 4F741C37 9E274CB1 7ACE22BC 17E43C05 A99B726B B5B18DD8 E3020301 0001
> % Key pair was generated at: 16:57:15 UTC Sep 19 2008
> Key name: Rack1R3.cisco.com.server
> Usage: Encryption Key
> ***** Key is not exportable.***************
> Key Data:
> 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D3FECC 493B056D
> 98717717 03329758 ADB2C6A4 A65A3567 303474DF 593EE22A 723C8C50 3CE052BC
> 3589256B 313553CF 5921D8BF CBB93581 463E63EE 1F454105 4D487086 39729E46
> 760A46EE 1322F68A 3BE44B2D E7AB6DA1 974C6C17 F13A7B4D 01020301 0001
>
>
>
> Why is there a difference? Shouldn't the encryption key have been exportable as a
> result of this command? If I use the keyword exportable while generating
> keys, then the general purpose keys become exportable and the encryption key "non
> exportable", which is the opposite of the expected output.
> I am using
>
> Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version
> 12.4(11.6), INTERIM SOFTWARE
> Please advise.
>
> Thanks
> Ajay.
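
An added example, not part of the original post and not Cisco tooling: a small Python parser for the `show crypto key mypubkey rsa` output quoted above. It reports each key pair's usage, its exportable flag, and the modulus size decoded from the Key Data. The function names and the "Key is exportable." wording matched for exportable keys are assumptions.

```python
import re

# Output posted in the thread above; emphasis asterisks and link markup removed.
SAMPLE = """\
Key name: Rack1R3.cisco.com
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B01C83 F2341517
  4D0475D4 CDBD41FF 82DDAEA7 FAEC1982 4A2308AF 4ECE5174 CEFC9684 5587E321
  4F741C37 9E274CB1 7ACE22BC 17E43C05 A99B726B B5B18DD8 E3020301 0001
Key name: Rack1R3.cisco.com.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00D3FECC 493B056D
  98717717 03329758 ADB2C6A4 A65A3567 303474DF 593EE22A 723C8C50 3CE052BC
  3589256B 313553CF 5921D8BF CBB93581 463E63EE 1F454105 4D487086 39729E46
  760A46EE 1322F68A 3BE44B2D E7AB6DA1 974C6C17 F13A7B4D 01020301 0001"""

def tlv(buf, pos=0):  # read one DER TLV -> (value bytes, offset just past it)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, used once a field reaches 128 bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def modulus_bits(der):  # der = SubjectPublicKeyInfo taken from "Key Data"
    spki, _ = tlv(der)                     # outer SEQUENCE
    bitstr, _ = tlv(spki, tlv(spki)[1])    # BIT STRING after AlgorithmIdentifier
    rsa, _ = tlv(bitstr[1:])               # drop unused-bits octet -> RSAPublicKey
    n, _ = tlv(rsa)                        # first INTEGER is the modulus
    return int.from_bytes(n, "big").bit_length()

def audit(show_output):  # one dict per key pair: name, usage, exportable, bits
    keys = []
    for line in map(str.strip, show_output.splitlines()):
        if line.startswith("Key name:"):
            keys.append({"name": line[9:].strip(), "hex": ""})
        elif keys and line.startswith("Usage:"):
            keys[-1]["usage"] = line[6:].strip()
        elif keys and "exportable" in line:  # assumed: "Key is [not] exportable."
            keys[-1]["exportable"] = "not exportable" not in line
        elif keys and re.fullmatch(r"[0-9A-Fa-f ]+", line):
            keys[-1]["hex"] += line.replace(" ", "")
    return [{**k, "bits": modulus_bits(bytes.fromhex(k["hex"]))} for k in keys]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against saved output from different IOS releases, this makes the exportable flag of each key pair directly comparable.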