Related Documentation
- J Series
- Understanding Certificates and PKI
- Example: Generating a Public-Private Key Pair
- Digital Certificates Configuration Overview
- SRX Series
- Understanding Certificates and PKI
- Example: Generating a Public-Private Key Pair
- Digital Certificates Configuration Overview
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding Public Key Cryptography
The public-private key pairs used in public key cryptography play an important role in the use of digital certificates. A public-private key pair encrypts and decrypts data. Data encrypted with a public key, which the owner makes available to the public, can be decrypted with the corresponding private key only, which the owner keeps secret and protected. For example, if Alice wants to send Bob an encrypted message, Alice can encrypt it with Bob's public key and send it to him. Bob then decrypts the message with his private key.
The reverse process is also useful: encrypting data with a private key and decrypting it with the corresponding public key. This process is known as creating a digital signature. For example, if Alice wants to present her identity as the sender of a message, she can encrypt the message with her private key and send the message to Bob. Bob then decrypts the message with Alice's public key, thus verifying that Alice is indeed the sender.
When you generate a public-private key pair, the device automatically saves the key pair in a file in the certificate store, where it is subsequently used in certificate request commands. The generated key pair is saved as certificate-id.priv.
 | Note: The default RSA and DSA key size is 1024 bits. If you are using the Simple Certificate Enrollment Protocol (SCEP), Junos OS supports RSA only. |
| Note: If the device renews a great number of certificates at once, thus using up keys rapidly, it might run out of pregenerated keys and have to generate them promptly for each new request. In this case, the generation of keys might affect the performance of the device, especially in a high-availability environment where the performance of the device might slow down for a number of minutes. |
Related Documentation
- J Series
- Understanding Certificates and PKI
- Example: Generating a Public-Private Key Pair
- Digital Certificates Configuration Overview
- SRX Series
- Understanding Certificates and PKI
- Example: Generating a Public-Private Key Pair
- Digital Certificates Configuration Overview
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
