|
A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one of the key pair cannot be returned to its original data form without the other, public-key cryptography ensures secure communication of data over the network. Up to five key pairs can be registered (Using CA-issued Key Pairs and Digital Certificates). For TLS encrypted communication, a key pair can be generated for the machine (Generating Key Pairs).
|
|
Digital certificates including CA certificates are similar to other forms of identification, such as driver's licenses. A digital certificate contains a digital signature, which enables the machine to detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital certificates. A digital certificate that contains a public key of a certification authority (CA) is referred to as a CA certificate. CA certificates are used for verifying the device the machine is communicating with for features such as IEEE 802.1X authentication or adding a digital signature to a PDF file. Up to 10 CA certificates can be registered, including the five certificates that are preinstalled in the machine (Using CA-issued Key Pairs and Digital Certificates).
|
Format
|
Key pair: PKCS#12*1
CA certificate: X.509v1 or X.509v3, DER (encoded binary)
|
File extension
|
Key pair: ".p12" or ".pfx"
CA certificate: ".cer"
|
Public key algorithm
(and key length) |
RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits)
|
Certificate signature algorithm
|
SHA1-RSA, SHA256-RSA, SHA384-RSA*2, SHA512-RSA*2, MD5-RSA, or MD2-RSA
|
Certificate thumbprint algorithm
|
SHA1
|
*1 Requirements for the certificate contained in a key pair are pursuant to CA certificates.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
|
NOTE
|
The machine does not support use of a certificate revocation list (CRL).
|