<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>XCA : RSA and DSA keys </TITLE>
<LINK HREF="xca-8.html" REL=next>
<LINK HREF="xca-6.html" REL=previous>
<LINK HREF="xca.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-8.html">Next</A>
<A HREF="xca-6.html">Previous</A>
<A HREF="xca.html#toc7">Contents</A>
<HR>
<H2><A NAME="keys"></A> <A NAME="s7">7.</A> <A HREF="xca.html#toc7">RSA and DSA keys </A></H2>
<P>Keys are needed to create certificates. All keys are stored encrypted in the database using the 3DES algorithm. The password can be changed for each certificate.</P>
<P>Every key carries a use counter that counts how many times the key has been used. For new requests or certificates, the list of available keys is reduced to the keys with a use counter of 0.</P>
<H2><A NAME="ss7.1">7.1</A> <A HREF="xca.html#toc7.1">Generating Keys</A> </H2>
<P>The dialog asks for the internal name of the key and the key size in bits. The drop-down list shows only the most usual values, but any other value may be set by editing this box. While searching for random prime numbers, a progress bar is shown at the bottom of the base application. Once key generation is done, the key is stored in the database.</P>
<H2><A NAME="ss7.2">7.2</A> <A HREF="xca.html#toc7.2">Key export</A> </H2>
<P>Keys can be exported either by selecting the key and pressing <EM>Export</EM> or by using the context menu. This opens a dialog box where the following settings can be adjusted:
<UL>
<LI>Filename</LI>
<LI>Output format (DER, PEM)</LI>
<LI>Public or Private Key</LI>
<LI>PKCS#8 format</LI>
<LI>Encryption of the exported file (yes/no)</LI>
</UL>
</P>
<P>The filename is the internal name plus a <CODE>pem</CODE>, <CODE>der</CODE> or <CODE>pk8</CODE> suffix.
When the file format is changed, the suffix of the filename changes accordingly. Only PKCS#8 or PEM files can be encrypted, because the DER format (although it could be encrypted) does not support a way to specify the encryption algorithm, e.g. <CODE>DES</CODE>. Of course, encryption does not make sense if the private part is not exported.</P>
</BODY>
</HTML>
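To confirm after an export that a private key really was written encrypted, the file itself can be inspected. The following is an added example, not part of the XCA documentation or XCA's code: the function name `classify_key_export` and the sample files are constructed for illustration and contain no key material. It goes slightly beyond the text above by reading the standard PEM armor labels and the `Proc-Type`/`DEK-Info` headers, which is where a PEM file names its cipher and which DER has no equivalent of.

```python
import re

# PEM armor label -> (container, holds private key?, encrypted? / None = see headers)
LABELS = {
    "ENCRYPTED PRIVATE KEY": ("PKCS#8", True, True),
    "PRIVATE KEY": ("PKCS#8", True, False),
    "RSA PRIVATE KEY": ("traditional PEM", True, None),
    "DSA PRIVATE KEY": ("traditional PEM", True, None),
    "PUBLIC KEY": ("public key", False, False),
}

def classify_key_export(data: bytes) -> dict:
    """Report container, private/public and encryption state of an exported key file."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if m is None:
        # No armor: DER is bare ASN.1 (starts with a SEQUENCE tag, 0x30) and has
        # no header fields in which a cipher could be named.
        kind = "DER" if data[:1] == b"\x30" else "unknown"
        return {"container": kind, "private": None, "encrypted": None, "cipher": None}
    container, private, encrypted = LABELS.get(m.group(1).decode(), ("unknown", None, None))
    cipher = None  # PKCS#8 keeps its cipher inside the ASN.1 body, not parsed here
    if encrypted is None and private:
        # Traditional PEM declares encryption and cipher in text headers.
        dek = re.search(rb"^DEK-Info: ([A-Za-z0-9-]+),", data, re.M)
        encrypted = b"Proc-Type: 4,ENCRYPTED" in data and dek is not None
        cipher = dek.group(1).decode() if encrypted else None
    return {"container": container, "private": private, "encrypted": encrypted, "cipher": cipher}

# Constructed sample files: the base64 body is a placeholder, not a key.
BODY = b"Q09OU1RSVUNURUQ=\n"

def pem(label: bytes, headers: bytes = b"") -> bytes:
    return b"-----BEGIN " + label + b"-----\n" + headers + BODY + b"-----END " + label + b"-----\n"

SAMPLES = {
    "traditional_encrypted": pem(
        b"RSA PRIVATE KEY",
        b"Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"),
    "traditional_plain": pem(b"RSA PRIVATE KEY"),
    "pkcs8_encrypted": pem(b"ENCRYPTED PRIVATE KEY"),
    "public": pem(b"PUBLIC KEY"),
    "der": b"\x30\x82\x04\xa4\x02\x01\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_key_export(blob))
```

A result with `private` true and `encrypted` false marks an export that left the private key unprotected on disk.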