User`s guide
422
The larger the key, the more secure the connection, but also the larger the key, the slower
the connection.
Save in SSHv1 format
If this checkbox is checked the private key will be generated in SSH version 1 format. If it is
cleared the private key will be generated in SSH version 2 format.
Related CLI Commands
The
genkey command can be used to generate a private key file.
To generate a private key, enter the command
genkey 0 <keysize> <filename> <-ssh1>
where
<keysize> is the size of the key in bits.
<filename> is the name of the private key file.
<-ssh1> is optional, and will generate the private key file in SSH version 1
format.
Note: IPsec requires SSH version 2 private keys.
For example, to generate a 1024 bit SSH version 2 key called privkey.pem, enter:
genkey 1024 privkey.pem
You will see the following output:
OK
Starting 1024 bit key generation. Please wait. This may take some
time...
Key generated, saving to FLASH file privkey.pem
Closing file
Private key file created
All tasks completed
Private key files - Splitting Certificates
For increased security there is the option of splitting the private key file between the Digi
flash and an USB memory stick. Once a private key has been split and stored in 2 parts, the
USB memory stick must be present for any successful IKE negotiations that involve the
private key. As the USB memory stick only contains a part of the private key, it cannot be
used in another unit.
The command to split a private key is:
privsplit <certificate filename>