< Home

rsa signature-padding

Function

The rsa signature-padding command configures a padding mode for the RSA signature.

The undo rsa signature-padding command restores the default padding mode for the RSA signature.

By default, the padding mode of the RSA signature is PSS.

Format

rsa signature-padding { pkcs1 | pss }

undo rsa signature-padding

Parameters

Parameter Description Value

pkcs1

Sets the padding mode of the RSA signature to Public-Key Cryptography Standards 1 (PKCS1).

-

pss

Sets the padding mode of the RSA signature to Probabilistic Signature Scheme (PSS).

-

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

On an IPSec-enabled network, identity authentication can be performed using an RSA signature or digital envelope. When the padding mode of the RSA signature in the certificate is set to PKCS1, there are security risks. To improve network security, run the rsa signature-padding command to set the padding mode of the RSA signature to PSS.

Example

# Set the padding mode of the RSA signature to PSS.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] rsa signature-padding pss
Parent Topic: IPSec Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >