Applies To:
BIG-IP AAM
- 13.0.1, 13.0.0
BIG-IP APM
- 13.0.1, 13.0.0
BIG-IP LTM
- 13.0.1, 13.0.0
BIG-IP AFM
- 13.0.1, 13.0.0
BIG-IP DNS
- 13.0.1, 13.0.0
BIG-IP ASM
- 13.0.1, 13.0.0
About managing FIPS keys using the BIG-IP Configuration utility
You can use the BIG-IP® Configuration utility to create FIPS keys, import existing FIPS keys into a hardware security module (HSM), and convert existing keys into FIPS keys.
Existing FIPS keys (.exp files) can be imported only into an HSM that holds the same Master Symmetric key that was in use when the FIPS keys were exported. The Master Symmetric key encrypts SSL private keys as they are exported from an HSM, so only that same key can decrypt the SSL private keys as they are imported into the HSM.
Creating FIPS keys using the BIG-IP Configuration utility
Importing keys using the BIG-IP Configuration utility
Converting a key to FIPS using the BIG-IP Configuration utility
About managing FIPS keys using tmsh
You can use the Traffic Management Shell (tmsh) to create FIPS keys, import existing keys into an F5® system, and convert existing keys to FIPS keys.
Creating FIPS keys using tmsh
Importing FIPS keys using tmsh
Converting a key to FIPS using tmsh
Listing FIPS keys in the HSM using tmsh
Listing FIPS keys in the F5 software configuration using tmsh
Deleting a key from the F5 software configuration and HSM using tmsh
Supported FIPS key sizes
These are the supported key sizes for F5® FIPS platforms.
FIPS platform | Supported key sizes (bits) |
---|---|
5000 | 1024, 2048, 4096 |
7000 | 1024/2048, 4096 |
10200 | 1024, 2048, 4096 |
10350 | 2048 |
Additional FIPS platform management tmsh commands
This table lists additional tmsh commands that you can use to manage your FIPS platform.
Command | Description |
---|---|
show sys crypto fips key | Lists information about FIPS keys stored in the FIPS card, including FIPS key ID, length, type, and key objects. |
list sys crypto key | Lists keys in the F5® software configuration. |
delete sys crypto fips key <key-id> | Deletes a FIPS key from the FIPS card only. |