The Verifone Certificate Authority; Required Files - VeriFone MX 900 Series Reference Manual

10

The VeriFone Certificate Authority

To manage the tools and processes related to FA, VeriFone has established a
centralized VeriFone Certificate Authority, or VeriFone CA. This agency is
responsible for managing keys and certificates. The VeriFone CA uses an
integrated set of software tools to generate and distribute digital certificates
and private cryptographic keys to customers who purchase the MX 900 Series
terminal.

Required Files

The following specially formatted files support the FA process:
■
■
■
Digital certificates and signature files need not be secured to safeguard the
overall security of VeriShield.
The special file types that support the file authentication process are
recognized by their filename extensions:
A digital certificate (*.crt file) is a digital, public document used to verify
the signature of a file.
A digital signature (*.p7s file) is a piece of information based on both the
file and the signer's private cryptographic key. The file sender digitally
signs the file using a private key. The file receiver uses a digital
certificate to verify the sender's digital signature.
Signer private keys are securely conveyed to clients on smart cards. On
MX 900, private keys are not kept in files. (The .key file in the File
Signing Tool is for legacy platforms supporting a default signer
certificate.) The secret passwords required by clients to generate
signature files, using signer private keys, are sent as PINs over a separate
channel such as registered mail or encrypted e-mail.
File Type
Signature
Signer private key
Digital Certificate
MX 900 Series Reference Manual
Extension
*.p7s
*.key
*.crt
September 14, 2012