pki export rsa-key-pair

Function

The pki export rsa-key-pair command exports the RSA key pair to the CF card or Hda1 and allows the export of the associated certificate and certificate chain.

Format

pki export rsa-key-pair key-name [ and-certificate certificate-name ] { pem file-name [ 3des | aes | des ] | pkcs12 file-name } password password

Parameters

Parameter Description Value
key-name Specifies the name of the RSA key pair on the device. The value must be an existing RSA key pair name.
and-certificate certificate-name Indicates that the certificate and certificate chain related to the RSA key pair are exported. The value must be an existing certificate file name.
pem file-name Indicates that the RSA key pair to be exported is in the PEM format and specifies the name of the file to be exported.

The value is a string of 1 to 64 case-insensitive characters without spaces and question marks (?).
pkcs12 file-name Indicates that the RSA key pair to be exported is in the PKCS12 format and specifies the file name to be exported.

The value is a string of 1 to 64 case-insensitive characters without spaces and question marks (?).
3des | aes | des Sets the encryption algorithm to DES, 3DES or AES if a file is exported in the PEM format. The default value is AES.
NOTE:
DES and 3DES are less secure than AES and are not recommended.
 -
password password Specifies the encryption password for the RSA key pair file. This password is used when you import an RSA key pair file.

The value is a string of 6 to 32 case-sensitive characters without question marks (?).

To enhance security, a password must contain at least two types of the following characters: uppercase letters, lowercase letters, numerals, and special characters, such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent (%).

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To transfer or back up an RSA key pair, run this command to generate the PEM or PKCS12 file carrying this RSA key pair (which may include the certificate or certificate chain) in the CF card or Hda1.

Before using this command, run the display pki rsa local-key-pair command to view information about the RSA key pairs on the device.

Prerequisites

The RSA key pair has been created and configured to be exportable using the pki rsa local-key-pair create command or the RSA key pair has been imported to the memory using the pki import rsa-key-pair command.

Precautions

The RSA key pair is sensitive information. Delete and destroy the exported RSA key pair on the device or storage device immediately after you do not need it.

Example

# Export the RSA key pair key1 to the file aaa.pem and set the encryption method to AES.

<sysname> system-view
[sysname] pki rsa local-key-pair create key1 exportable
 Info: The name of the new key-pair will be: key1
 The size of the public key ranges from 2048 to 4096.
 Input the bits in the modules:2048
 Generating key-pairs...
......+++               
....................+++ 
[sysname] pki export rsa-key-pair key1 pem aaa.pem aes password Admin@1234
 Warning: Exporting the key pair impose security risks, are you sure you want to
 export it? [y/n]:y                                                             
 Info: Succeeded in exporting the RSA key pair in PEM format.
Related Topics
pki rsa local-key-pair create
pki import rsa-key-pair
display pki rsa local-key-pair
Copyright © Huawei Technologies Co., Ltd.