Configuring Settings for Key Pairs and Digital Certificates
0W20-04R
In order to encrypt communication with a remote device, an encryption key would have to be sent and received over an unsecured network beforehand. Public-key cryptography solves this problem: it ensures secure communication by protecting important and valuable information from attacks such as sniffing, spoofing, and tampering with data as it flows over a network.
Key Pair
A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data encrypted with one key of the pair cannot be restored to its original form without the other key, public-key cryptography ensures secure communication of data over the network. Up to five key pairs, including the preinstalled pairs, can be registered (Using CA-issued Key Pairs and Digital Certificates (P. 262)). For SSL encrypted communication, a key pair can be generated on the machine itself (Generating Key Pairs (P. 254)).
CA Certificate
Digital certificates, including CA certificates, are similar to other forms of identification, such as driver's licenses. A digital certificate contains a digital signature, which enables the machine to detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital certificates. A digital certificate that contains the public key of a certification authority (CA) is referred to as a CA certificate. CA certificates are used to verify the device the machine is communicating with for features such as printing with Google Cloud Print or IEEE 802.1X authentication. Up to 67 CA certificates can be registered, including the 62 certificates that are preinstalled in the machine (Using CA-issued Key Pairs and Digital Certificates (P. 262)).
◼ Key and Certificate Requirements
The certificate contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA certificate from a computer, make sure that they meet the following requirements:
Format                                   ● Key pair: PKCS#12 *1
                                         ● CA certificate: X.509v1 or X.509v3, DER (encoded binary)
File extension                           ● Key pair: ".p12" or ".pfx"
                                         ● CA certificate: ".cer"
Public key algorithm (and key length)    RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits)
Certificate signature algorithm          SHA1-RSA, SHA256-RSA, SHA384-RSA *2, SHA512-RSA *2, MD5-RSA, or MD2-RSA
Certificate thumbprint algorithm         SHA1
*1 The requirements for the certificate contained in a key pair are the same as those for CA certificates.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
● The machine does not support use of a certificate revocation list (CRL).
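The requirements table above, turned into a pre-install check that a computer can run on a .p12/.pfx key pair or a DER .cer file before it is uploaded to the machine (example code added here, not part of the manual; it relies on the third-party cryptography package, and the self-signed certificate it builds is a constructed sample). Besides the table's hard limits it also flags the signature hashes the machine accepts but that are no longer considered strong.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

ALLOWED_KEY_SIZES = {512, 1024, 2048, 4096}   # RSA key lengths from the requirements table
ALLOWED_SIG_HASHES = {"sha1", "sha256", "sha384", "sha512", "md5", "md2"}
WEAK_SIG_HASHES = {"sha1", "md5", "md2"}      # accepted by the machine, but weak

def check_certificate(cert):
    """Return a list of findings; an empty list means the certificate meets the table."""
    findings = []
    if cert.version not in (x509.Version.v1, x509.Version.v3):
        findings.append(f"unsupported certificate version: {cert.version}")
    pub = cert.public_key()
    bits = pub.key_size if isinstance(pub, rsa.RSAPublicKey) else None
    if bits not in ALLOWED_KEY_SIZES:   # None (non-RSA) or a length not in the table
        findings.append(f"public key must be RSA 512/1024/2048/4096, got {type(pub).__name__} {bits}")
    name = getattr(cert.signature_hash_algorithm, "name", "unknown")
    if name not in ALLOWED_SIG_HASHES:
        findings.append(f"unsupported signature algorithm: {name}-RSA")
    elif name in ("sha384", "sha512") and bits is not None and bits < 1024:  # footnote *2
        findings.append(f"{name}-RSA needs an RSA key of 1024 bits or more")
    if name in WEAK_SIG_HASHES:
        findings.append(f"weak signature hash (accepted by the machine, not recommended): {name}")
    return findings

def check_pkcs12_file(data, password=None):
    """Check a .p12/.pfx blob; it must carry both the private key and its certificate."""
    key, cert, _chain = pkcs12.load_key_and_certificates(data, password)
    if key is None or cert is None:
        return ["PKCS#12 file does not contain both a private key and a certificate"]
    return check_certificate(cert)

def check_der_cert_file(data):
    """Check a .cer blob in DER (binary) encoding, as the table requires for CA certificates."""
    return check_certificate(x509.load_der_x509_certificate(data))

def make_sample(key_size, hash_name):
    """Constructed sample: a self-signed certificate, returned as (PKCS#12 bytes, DER bytes)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "sample-device")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .sign(key, getattr(hashes, hash_name.upper())()))
    p12 = pkcs12.serialize_key_and_certificates(b"sample", key, cert, None,
                                                serialization.NoEncryption())
    return p12, cert.public_bytes(serialization.Encoding.DER)
```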
Security
253