Question about "show crypto key mypubkey rsa"

trofish · ‎05-16-2007

Cisco document says:

crypto key generate rsa [usage-keys | general-keys] [key-pair-label]

general-keys

(Optional) Specifies that the general-purpose key pair should be generated.

usage-keys

(Optional) Specifies that two special-usage key pairs should be generated, instead of one general-purpose key pair.

But, after command:

R1(config)#crypto key generate rsa general-keys modulus 512

The name for the keys will be: R1.test.com

% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

R1#show crypto key mypubkey rsa

% Key pair was generated at: 00:03:29 UTC Mar 1 2002

Key name: R1.test.com

Usage: General Purpose Key

Key is not exportable.

Key Data:

305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C4082F 1D3030A9

93E0E67F 6F448CB3 1A248B26 A93AECDE 5B2ED977 18AA786C F67BBB51 20411D34

DE39C94D 57C51E0F E3D6AFC1 953A421A 604BAB10 4667EB2E 65020301 0001

% Key pair was generated at: 00:03:29 UTC Mar 1 2002

Key name: R1.test.com.server

Usage: Encryption Key

Key is not exportable.

Key Data:

307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00AC2515 F99EC647

9A99F26C 997B155C E1BC86B2 D7B1E31E 27C4C22B 5A2C5AF6 7C419450 01127235

6E12C42F 85CE1793 2893991F 1A559545 CEDD26FC 680562AD 9D2350FE 79A8D9E1

3B5E8456 52A472AA F5992AB9 9B228DBB D9330645 75E8CD31 31020301 0001

R1#

As the show command output, Two RSA key pairs generated (not one pair):

Key name: R1.test.com

Usage: General Purpose Key

Key name: R1.test.com.server

Usage: Encryption Key

may buddy tell me why? Thanks!

Jon Marshall · ‎05-16-2007

Hi

You don't have two key pairs here, you have two keys. When you create an RSA key pair you get a public key and a private key. This is what you are seeing in this output, on pair of keys only.

HTH

Jon

trofish · ‎05-17-2007

Hi Jon,

Thank you for your replay.

I do not think so!

The key name is different:

Key name: R1.test.com

Key name: R1.test.com.server

I think the private key can't be seen.

trofish · ‎05-17-2007

If I can see the public key and the private key:

R1(config)#crypto key generate rsa usage-keys modulus 512

The name for the keys will be: R1.test.com

% The key modulus size is 512 bits

% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

R1(config)#

I should see 4 keys, as the below output , just 3keys.

R1#sh crypto key mypubkey rsa

% Key pair was generated at: 00:06:21 UTC Mar 1 2002

Key name: R1.test.com

Usage: Signature Key

Key is not exportable.

Key Data:

305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AD5C0F 5A88CB91

911E8F15 AA8F4DBA 5708CF84 5490A402 E9EBE7C8 BCFC70E3 BFB0600E 505CBBDB

7C236C13 C5B5B33F DD066293 A80F42E9 B20D44FB 986D4441 9B020301 0001

% Key pair was generated at: 00:06:21 UTC Mar 1 2002

Key name: R1.test.com

Usage: Encryption Key

Key is not exportable.

Key Data:

305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00BE4CA6 360087D2

3B44E7E6 2EBFF5E6 6A874AF9 D0F259E0 505E06EF 8FAF9F77 D771F98C BDDDED29

C2E5A4B0 991700CE 4C1C2D1F 5CADB2AE BF86DB03 5B1D534B 45020301 0001

% Key pair was generated at: 00:06:23 UTC Mar 1 2002

Key name: R1.test.com.server

Usage: Encryption Key

Key is not exportable.

Key Data:

307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00E8608A 87E5BBD6

067D13CF 17AF79BF EDEC8BB6 AFEFC459 7EF9F524 E01F8B34 027CEBE8 CE87003E

05730C29 5E8D04C2 A43B87D7 B2A6E20F 64457669 842E45B0 9A0C7CEE 1F834722

95C1FB2A 910CDCAF BB25804C F1459AC3 8EECA1D2 8A7AD5EC E5020301 0001

R1#