Crypto Key Generate Rsa Modulus 1024 Invalid Input

Oct 02, 2015  Router(config)# crypto key generate rsa general-keys The name for the keys will be: myrouter.example.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. We need configure SSH on a Cisco router or switch in order to access it remotely, unless we're using an access server. # crypto key generate rsa modulus 1024. Oct 24, 2019  An example of asymmetric encryption in python using a public/private keypair - utilizes RSA from PyCrypto library - RSAexample.py. Def generatekeys : # RSA modulus length must be a multiple of 256 and = 1024. Invalid syntax. This comment has been minimized. Sign in to view.

in CCNA & CCENT
Good evening all,
I am working on a lab and am trying to configure ssh on a 2950 switch ios version 12.1(11).
I have created a local user and password however when I try and generate the rsa I get this error:
any suggestions?
0·Share on FacebookShare on Twitter

Crypto Key Generate Rsa Modulus 1024 Invalid Input Form

Comments

  • BadFish,
    What is the name of the image you're using? I would check the Cisco Feature Navigator to be sure that the IOS you're using supports the command. It appears that the IOS you're using doesn't. Perform a 'show version' to determine your IOS. I hope this helps.
    V/r
    ~Peanut
    We cannot have a superior democracy with an inferior education system!
    -Mayor Cory Booker
  • 2950 switch ios version 12.1(11)
    What's the actual image name from the show version command (assuming someone didn't rename it)?
    Is it the crypto image or the non-crypto image?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • Chances are the image doesn't support the crypto functions. I ran into this with my 1721 router and had the same issue until I figured out that version of my IOS didn't support it. For some reason they decided they wanted to load all my routers with the IP-base IOS.
  • CISSP, GIAC x5, CompTIA x5Greenville, SC USAMemberPosts: 5,735■■■■■■■■■■
    As far as I know 2950s do not support SSH. On my last job we switched out all of our 2950s for newer switches in order to move completely to SSH.
    0·Share on FacebookShare on Twitter
  • Currently working on:
    CCNP, 70-620 Vista 70-290 Server 2003
    Packet Tracer activities and ramblings on my blog:
    http://www.sbntech.info
  • Login to the Cisco website and grab a k image.

    Is there a way for me to get an image without having to pay for support? :
  • Is there a way for me to get an image without having to pay for support? :
    IOS images for basic switches like a 2950 are free to download without a SMARTnet contract. You just need to register a user on cisco.com.
An article by Fabio SemperboniTutorial

A digital certificate or identity certificate is an electronic document which uses a digital signature to bind a public key with an identity, information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). /generating-1024-bit-rsa-keys-keys-will-be-non-exportable.html. However, there are situations where it is not possible use a CA, so the only solutions is to use a self-signed certificate, an identity certificate that is signed by the same entity whose identity it certifies.

The standard used by Cisco is X.509, an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

The most common use of certificates is for HTTPS-based web sites. A web browser validates that an SSL web server is authentic, so that the user can feel secure that his/her interaction with the web site has no eavesdroppers and that the web site is who it claims to be. Other uses are VPN lan2lan, GetVPN and so on.

There are two different approaches to create a self-signed certificate: automatic or manual.

To automatically create an rsa key pairs and a certificate, enable the https server:

Where is the certificate?

Remember: Save the configuration to save the certificate!

The second method requires three steps: create an rsa key pairs, create a self signed trust point and enroll the certificate.

Create an RSA keys:

Create a local PKI:

Remembers: The “subject-name” is the name of the entity whose public key the certificate identifies. For instance, “O” identify the “Organization” and “CN” the Common name

Obtain the certificate from the local certificate authority:

Remember: You must save the configuration to save the certificate!

To see more information about the certificates and the rsa keys are, you can use these commands:

  • show crypto pki certificates
  • show crypto pki trustpoints
  • show crypto key mypubkey rsa

References:

Crypto Key Generate Rsa Command

How to create self-signed certificates
Description
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). However, there are situations where it is not possible use a CA, so the only solutions is to use a self-signed certificate, an identity certificate that is signed by the same entity whose identity it certifies.
Author

Crypto Key Generate Rsa Modulus 1024 Invalid Input Meaning

Tags: CA, Certificate, PKI, RSA