xca-0.9.1-1mdv2010.2.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>XCA - X Certificate and key management: RSA, DSA and EC keys </TITLE>
 <LINK HREF="xca-8.html" REL=next>
 <LINK HREF="xca-6.html" REL=previous>
 <LINK HREF="xca.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-8.html">Next</A>
<A HREF="xca-6.html">Previous</A>
<A HREF="xca.html#toc7">Contents</A>
<HR>
<H2><A NAME="keys"></A> <A NAME="s7">7.</A> <A HREF="xca.html#toc7">RSA, DSA and EC keys </A></H2>


<P>Keys are needed to create certificates.
All keys are stored encrypted in the database using the 3DES algorithm.
The password can be changed for each certificate. The password types are:
<UL>
<LI>common: The database password provided during database load</LI>
<LI>private: The key has its own password, which is not stored by XCA. This can be set and reset via the context menu of the key</LI>
<LI>PIN: Security tokens are usually protected by a PIN</LI>
<LI>No password: Public keys don't need a password</LI>
</UL>
</P>

<P>Every key carries a use counter that counts how many times the key has been used. For new
requests or certificates, the list of available keys is reduced to
the keys with a use counter of 0.</P>

<H2><A NAME="ss7.1">7.1</A> <A HREF="xca.html#toc7.1">Generating Keys</A>
</H2>


<P>The dialog asks for the internal name of the key and the key size in bits.
For EC keys, a list of curves is shown. It contains all X9.62 curves.
When an EC key with explicit curve parameters is imported, XCA searches for the corresponding curve OID and sets it if found.
Although the drop-down list shows only the most common key sizes, any other value
may be entered by editing this box.
While the search for random prime numbers is running, a progress bar is shown at the
bottom of the main application window.
When key generation is complete, the key is stored in the database.</P>


<P>For every connected token that provides a key-generation facility, an entry is shown in the drop-down menu of key types.
It contains the name of the token and the valid key sizes.</P>

<H2><A NAME="ss7.2">7.2</A> <A HREF="xca.html#toc7.2">Key export</A>
</H2>


<P>Keys can be exported either by selecting the key and pressing <EM>Export</EM>
or by using the context menu. This opens a dialog box where the following settings can be adjusted:</P>
<P>
<UL>
<LI>filename</LI>
<LI>Output format (DER, PEM)</LI>
<LI>Public or Private Key</LI>
<LI>PKCS#8 format</LI>
<LI>Encryption of the exported file (yes/no)</LI>
</UL>
</P>
<P>The filename is the internal name plus a <CODE>pem</CODE>, <CODE>der</CODE> or <CODE>pk8</CODE> suffix.
When the file format is changed, the suffix of the filename changes accordingly.
Only PKCS#8 or PEM files can be encrypted, because
the DER format (although it could be encrypted)
does not support a way to supply the encryption algorithm,
such as <CODE>DES</CODE>.
Of course, encryption does not make sense if the private part is not exported.</P>
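<P>Added example, not part of the XCA documentation or of XCA's code: a check over exported key files that reports which ones hold a private key in the clear. It relies on the PEM framing itself: the traditional format names its cipher in a <CODE>DEK-Info</CODE> header, and encrypted PKCS#8 uses its own label. The function names, file names and key bodies are constructed for illustration.</P>

```python
import re

# PEM framing: BEGIN label, optional "Name: value" headers, base64 body, END label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return (kind, encrypted, cipher) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    # Base64 never contains ':', so only real header lines match here.
    headers = dict(re.findall(r"^([A-Za-z-]+): *(.+?)\r?$", body, re.M))
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the algorithm is carried inside the ASN.1 structure.
        return ("pkcs8", True, None)
    if label == "PRIVATE KEY":
        return ("pkcs8", False, None)
    if label.endswith("PRIVATE KEY"):
        # Traditional RSA / DSA / EC private key.
        if headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
            return ("traditional", True, headers.get("DEK-Info", "").split(",")[0])
        return ("traditional", False, None)
    if label.endswith("PUBLIC KEY"):
        return ("public", False, None)
    return ("other", False, None)

def unencrypted_private_exports(files):
    """Names of exported files that contain an unencrypted private key."""
    flagged = []
    for name, text in sorted(files.items()):
        kind, encrypted, _ = classify_pem(text)
        if kind in ("pkcs8", "traditional") and not encrypted:
            flagged.append(name)
    return flagged

# Constructed samples: the base64 body is a placeholder, not key material.
BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLES = {
    "ca.pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + BODY +
              "-----END RSA PRIVATE KEY-----\n",
    "web.pem": "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n",
    "web.pk8": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY +
               "-----END ENCRYPTED PRIVATE KEY-----\n",
    "web_pub.pem": "-----BEGIN PUBLIC KEY-----\n" + BODY + "-----END PUBLIC KEY-----\n",
}

if __name__ == "__main__":
    print(unencrypted_private_exports(SAMPLES))
```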


<HR>
<A HREF="xca-8.html">Next</A>
<A HREF="xca-6.html">Previous</A>
<A HREF="xca.html#toc7">Contents</A>
</BODY>
</HTML>