Select the encryption algorithm and key size

Your selection really depends on your application:

...

Doubling the RSA modulus increases processing time requirements by a factor of 4 for public key operations (signature verification, encryption) and by a factor of 8 for private key operations (signature generation, decryption).

Set the encryption algorithm and key size

Edit the project file and modify the algorithm and strength properties.

strength=1024
algorithm=*RSA | *DSA
certificate.signing.algorithm=*MD5RSA | *SHA1RSA | *SHA1DSA

When the algorithm is *RSA, choose certificate signing algorithm *MD5RSA or *SHA1RSA.

...

The default signature algorithm is *SHA1RSA or *SHA1DSA depending on the key algorithm.

Set extended key usage

Additional key usage extensions can be added to the certificate request and client certificate by including 'extended.purpose' properties. A maximum of 20 properties can be included, with sequence numbers starting at 1 and ending at 20.

...

  • Server Authentication (1.3.6.1.5.5.7.3.1)

  • Client Authentication (1.3.6.1.5.5.7.3.2)

  • Code Signing (1.3.6.1.5.5.7.3.3)

  • Secure Email (1.3.6.1.5.5.7.3.4)

  • Time Stamping (1.3.6.1.5.5.7.3.8)

  • OCSP Signing (1.3.6.1.5.5.7.3.9)

extended.purpose.1=1.3.6.1.5.5.7.3.1
extended.purpose.2=1.3.6.1.5.5.7.3.2
extended.purpose.3=1.3.6.1.5.5.7.3.3
extended.purpose.4=1.3.6.1.5.5.7.3.4
extended.purpose.5=1.3.6.1.5.5.7.3.8
extended.purpose.6=1.3.6.1.5.5.7.3.9

Set CRL distribution

A CRL distribution extension can be included with each certificate.

crl.distribution=http://www.mycompany.com/CRLList.crl
crl.distribution=http://www.mycompany.com/crllist.html

Set Subject Alternative Names for SSL authentication

A list of SSL authentication Subject Alternative Names can be included with each certificate.

...

Use the 'ssl.domains' property to specify a list of host domain names.

ssl.addresses=10.2.0.173,10.2.0.174
ssl.domains=*.mycompany.com,support.mycompany.com,account.mycompany.com

Example PKI Editor project file

#JSFPKIEditor last values
#Sun Nov 02 22:34:20 GMT 2003
ca.keystore=ca-key.der
ca.keystore.password=
ca.certificate=ca-cert.der
ca.expiry=1/1/2005
request.keystore=request-key.der
request.keystore.password=
request.certificate=request-cert.der
certificate=certificate.der
blank.password=*yes
algorithm=*RSA
strength=1024
certificate.signing.algorithm=*SHA1RSA
serial=75
days=365
location.organization=ACME Corporation
location.unit=Rocket Powered Systems
location.locality=Nevada Desert
location.state=NV
location.country=US
location.name=Road Runner
location.email=

...

beepbeep@acme.com
extended.purpose.1=1.3.6.1.5.5.7.3.2
extended.purpose.2=1.3.6.1.5.5.7.3.1

You need to use a text editor to set the following properties:

strength=1024
algorithm=*RSA | *DSA
certificate.signing.algorithm=*MD5RSA | *SHA1RSA | *SHA1DSA
blank.password=*YES | *NO
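
A small linter for the project-file properties described above, added here as an illustration; it is not part of the PKI Editor or its documentation, and the function names are hypothetical. It checks the key/signing algorithm pairing, the 1 to 20 range for 'extended.purpose' sequence numbers and the listed OIDs; the *DSA pairing is inferred from the stated defaults, and the MD5 and key-size warnings are additions not stated on this page.

```python
import re

# Pairings from the page; the *DSA row is inferred from the stated defaults.
SIGNING_FOR_KEY = {"*RSA": {"*MD5RSA", "*SHA1RSA"}, "*DSA": {"*SHA1DSA"}}
# Extended key usage OIDs listed on the page (all under 1.3.6.1.5.5.7.3).
KNOWN_EKU = {"1.3.6.1.5.5.7.3." + n for n in ("1", "2", "3", "4", "8", "9")}
PURPOSE_KEY = re.compile(r"extended\.purpose\.(\d+)$")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def lint_project(text):
    """Return findings for a project file in the format shown above."""
    props, findings = parse_properties(text), []
    # Assumption: special values are case-insensitive (the page shows *yes and *YES).
    algorithm = props.get("algorithm", "").upper()
    signing = props.get("certificate.signing.algorithm", "").upper()
    if algorithm not in SIGNING_FOR_KEY:
        findings.append(f"algorithm '{algorithm}' is not *RSA or *DSA")
    elif signing and signing not in SIGNING_FOR_KEY[algorithm]:
        findings.append(f"{signing} does not match key algorithm {algorithm}")
    # Added checks, not from the page: MD5 is collision-broken; short keys are weak.
    if signing == "*MD5RSA":
        findings.append("*MD5RSA signs with MD5, which is collision-broken")
    strength = props.get("strength", "")
    if strength.isdigit() and int(strength) < 2048:
        findings.append(f"strength={strength} is below 2048 bits")
    for key, value in props.items():
        match = PURPOSE_KEY.match(key)
        if match and not 1 <= int(match.group(1)) <= 20:
            findings.append(f"{key}: sequence number must be 1 to 20")
        if match and value not in KNOWN_EKU:
            findings.append(f"{key}: {value} is not a purpose listed on this page")
    return findings


# Constructed sample: DSA key paired with an RSA signing algorithm.
SAMPLE = """algorithm=*DSA
strength=1024
certificate.signing.algorithm=*SHA1RSA
extended.purpose.1=1.3.6.1.5.5.7.3.2
extended.purpose.21=1.3.6.1.5.5.7.3.5
"""
print("\n".join(lint_project(SAMPLE)))
```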