crypto key

Generates an RSA/ECDSA/DSA key pair to sign or encrypt and decrypt the security payload during security protocol exchanges for applications. You must sign and/or encrypt and decrypt the RSA/ECDSA/DSA key pair before you obtain a certificate for your device.

Syntax

crypto key label key_label [rsa | ecdsa | dsa] [modulus key_size]
no crypto key label key_label

Parameters

label key_label
The name of the key pair.
rsa

Generates an RSA key pair.

ecdsa
Generates an ECDSA key pair.
dsa
Generates a DSA key pair.
modulus key_size
Specifies the key size. The corresponding key sizes supported for each key type are:
  • RSA: 1024 or 2048
  • DSA: 1024

  • ECDSA: 256,384, or 521

Modes

Global configuration mode

Usage Guidelines

Use the no form of this command to remove the key pair.

The key label must contain alphanumeric characters.

Examples

Typical command example for generating the key pair. 

device(config)# crypto key label k1 rsa modulus 2048
device(config)# do show running-config crypto
crypto key label k1 rsa modulus 2048

The following is an example of using the no form of the command: 

device(config)# no crypto key label k1
9036284-00 Rev AA