Table E.1 lists all cryptographic operations available in the export version of Certificate Management System, and the key strength or algorithm strength allowed for each operation. The term export-strength is defined in SSL Cipher Suite Profiles for Export.

Table E.1 Approved export operations and key lengths

| Description of cryptographic operation | Key length or algorithm strength |
|---|---|
| SSL connections: from end entity to Registration Manager [HTML forms] | export-strength SSL |
| SSL connections: from end entity to Registration Manager [CSR processors] | export-strength SSL |
| SSL connections: from Registration Manager to Certificate Manager | export-strength SSL |
| SSL connections: from Registration Manager to Data Recovery Manager | export-strength SSL |
| SSL connections: from Registration Manager to Directory | export-strength SSL |
| SSL connections: from Certificate Manager to Directory | export-strength SSL |
| SSL connections: from Netscape Console to Registration Manager, Certificate Manager, and Data Recovery Manager subsystems | export-strength SSL |
| Generation, verification, and storage of PQG parameters along with DSA certificates | P,G <= 4096 and Q=160 bits |
| Generation, signing (encryption), verifying (decryption), and storage of RSA keys for the purpose of signing/verifying X.509 digital certificates | key <= 4096 bits |
| Generation, signing (encryption), verifying (decryption), and storage of DSA keys for the purpose of signing/verifying X.509 digital certificates | key <= 4096 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of client authentication from Registration Manager to Certificate Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of client authentication from Registration Manager to Data Recovery Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of client authentication from Registration Manager subsystems to Directory | key <= 4096 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of client authentication from Registration Manager to Certificate Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of client authentication from Registration Manager to Data Recovery Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of client authentication from Registration Manager subsystems to Directory | key <= 4096 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of client authentication between Registration Manager, Certificate Manager, and Data Recovery Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of client authentication between Registration Manager, Certificate Manager, and Data Recovery Manager subsystems | key <= 4096 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of SSL server authentication of the Registration Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of SSL server authentication of the Certificate Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Generation, signing, verifying, and storage of RSA keys for the purpose of SSL server authentication of the Data Recovery Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of SSL server authentication of the Registration Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of SSL server authentication of the Certificate Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Generation, signing, verifying, and storage of DSA keys for the purpose of SSL server authentication of the Data Recovery Manager | authentication key <= 4096 bits; key exchange key <= 1024 bits |
| Signature and verification of CMMF/CRMF messages by Certificate Manager, Registration Manager, and Data Recovery Manager using RSA algorithm | key <= 4096 bits |
| Signature and verification of CMMF/CRMF messages by Certificate Manager, Registration Manager, and Data Recovery Manager using DSA algorithm | key <= 4096 bits |
| Transport key for Data Recovery Manager: generation, storage, and verification of RSA key for the purpose of transport of end-entity private keys to the Data Recovery Manager (unwrap of keys) | key <= 4096 bits |
| Long-term storage key for Data Recovery Manager: generation, storage, encryption, and decryption using RSA key for the purpose of long term storage of end-entity private keys (wrap and unwrap of keys for storage and recovery) | key <= 4096 bits |
| Bulk ciphers for use in encrypting key material for long term storage within Data Recovery Manager | DES-EDE3, RC2-128, RC2-40, DES |
| Bulk ciphers for use in encrypting key material for transport between Registration Manager and Data Recovery Manager | DES-EDE3, RC2-128, RC2-40, DES |