Signingalgorithmconstraints - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Table 12-10 RSAKeyConstraints Configuration Parameters (Continued)
Parameter
Description
Specifies the minimum length, in bits, for the key (the length of the modulus in bits). The value
minSize
must be smaller than or equal to the one specified by the maxSize parameter. Permissible
values: 512, 1024, 2048, or 4096. You may also enter a custom key size that is between
512 and 4096 bits. The default value is 512.
Specifies the maximum length, in bits, for the key. Permissible values: 512, 1024, 2048, or
maxSize
4096. You may also enter a custom key size that is between 512 and 4096 bits. The default
value is 2048.
Limits the possible public exponent values. Use commas to separate different values.
exponents
Some exponents are more widely used than others. The following exponent values are
recommended for arithmetic and security reasons: 17 and 65537. Of these two values,
65537 is preferred. (This setting is mainly an issue if you are using your own software for
generating key pairs. Key-generation programs in
65537.)
Permissible values: A combination of 3, 7, 17, and 65537, separated by commas. The default
value is 3,7,17,65537.
SigningAlgorithmConstraints
The
SigningAlgorithmConstraints
algorithm to be one of the algorithms supported by CS: MD2 with RSA, MD5 with RSA,
and SHA-1 with RSA, if the Certificate Manager's signing key is RSA and SHA-1 with
DSA, if the Certificate Manager's signing key is DSA.
When a Certificate Manager digitally signs a message, it generates a compressed version of
the message called a message digest. Some of the algorithms used to produce this digest
include MD5 and SHA-1 (Secure Hash Algorithm).
•
MD5 generates a 128-bit message digest. Most existing software applications that
handle certificates only support MD5.
•
SHA-1 generates a 160-bit message digest. Some software applications do not yet
support the SHA-1 algorithm. For example, Netscape Navigator 3.0 (or higher) and
Enterprise Server 2.01 (or higher) support SHA-1; previous versions of these
applications do not support SHA-1.
You may apply this policy to end-entity certificate enrollment and renewal requests.
During installation, CS automatically creates an instance of the signing algorithm
constraints policy, named
plug-in module restricts the requested signing
, that is enabled by default.
SigningAlgRule
Constraints-Specific Policy Module Reference
Red Hat
clients and servers use 3 or
Chapter 12
Policies
483
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR and is the answer not in the manual?