Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > ae97f6e039aa7bfa30701e9e1d87213e > files > 17

xca-0.7.0-1mdv2010.0.i586.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>XCA : RSA and DSA keys </TITLE>
 <LINK HREF="xca-8.html" REL=next>
 <LINK HREF="xca-6.html" REL=previous>
 <LINK HREF="xca.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-8.html">Next</A>
<A HREF="xca-6.html">Previous</A>
<A HREF="xca.html#toc7">Contents</A>
<HR>
<H2><A NAME="keys"></A> <A NAME="s7">7.</A> <A HREF="xca.html#toc7">RSA and DSA keys </A></H2>

<P>For creating certificates, keys are needed.
All keys are stored encrypted in the database using the 3DES algorithm.
The password can be changed for each certificate.</P>

<P>All keys carry a use counter which counts the times it is used. For new
requests or certificates the list of available keys is reduced to
the keys with a use counter of 0.</P>

<H2><A NAME="ss7.1">7.1</A> <A HREF="xca.html#toc7.1">Generating Keys</A>
</H2>

<P>The dialog asks for the internal name of the key and the keysize in bits.
Even if the drop-down list only shows the most usual values, any other value
may be set here by editing this box.
While searching for random prime numbers a progress bar is shown in the
bottom of the base application.
After the key generation is done the key will be stored in the database.</P>

<H2><A NAME="ss7.2">7.2</A> <A HREF="xca.html#toc7.2">Key export</A>
</H2>

<P>Keys can be exported by either selecting the key and pressing <EM>Export</EM>
or by using the context-menu. This opens a Dialogbox where the following settings can be adjusted:
<UL>
<LI>filename</LI>
<LI>Output format ( DER, PEM )</LI>
<LI>Public or Private Key</LI>
<LI>PKCS#8 format</LI>
<LI>Encryption of the exported file (yes/no)</LI>
</UL>
</P>
<P>The filename is the internal name plus a <CODE>pem</CODE>, <CODE>der</CODE> or <CODE>pk8</CODE> suffix.
When changing the fileformat, the suffix of the filename changes accordingly
Only PKCS#8 or PEM files can be encrypted, because
the DER format (although it could be encrypted)
does not support a way to supply the encryption algorithm
like e.g. <CODE>DES</CODE>.
Of course, encryption does not make sense if the private part is not exported.</P>


<HR>
<A HREF="xca-8.html">Next</A>
<A HREF="xca-6.html">Previous</A>
<A HREF="xca.html#toc7">Contents</A>
</BODY>
</HTML>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional