crypto key

Generates an RSA, ECDSA, or DSA key pair to sign or encrypt and decrypt the security payload during security protocol exchanges for applications. You must sign and encrypt or decrypt the key pair before you obtain a certificate for your device.

Syntax

crypto key label key-name [rsa | ecdsa | dsa] [modulus bit-value]
no crypto key label key-name

Parameters

label key-name
The name of the key pair.
rsa

Generates an RSA key pair.

ecdsa
Generates an ECDSA key pair.
dsa
Generates a DSA key pair.
modulus bit-value
Specifies the key size. The corresponding key sizes supported for each key type are:
  • RSA: 1024 or 2048
  • DSA: 1024
  • ECDSA: 256,384, or 521

Modes

Global configuration mode

Usage Guidelines

Use the no form of this command to remove the key pair.

The key label must contain alphanumeric characters.

Examples

Typical command examples for generating a key pair. 

device(config)# crypto key label k1 rsa modulus 1024
device(config)# crypto key label key2 rsa modulus 2048
device(config)# crypto key label pvtkey3 dsa modulus 1024
device(config)# crypto key label k4 ecdsa modulus 384
device(config)# crypto key label k5 ecdsa modulus 521

The following is an example of removing a key pair. 

device(config)# no crypto key label k1
9036689-01 Rev AA