Key and certificate requirements, Key pair, CA certificate – Canon i-SENSYS MF244dw User Manual


Configuring Settings for Key Pairs and Digital Certificates

1525-04Y

In order to encrypt communication with a remote device, an encryption key must be sent and received over an unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensures secure communication by protecting important and valuable information from attacks, such as sniffing, spoofing, and tampering of data as it flows over a network.

Key Pair

A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one key of the pair cannot be returned to its original form without the other, public-key cryptography ensures secure communication of data over the network. A key pair is used for TLS encrypted communication or TLS of the IEEE 802.1X authentication. Up to five key pairs (including the preinstalled pairs) can be generated to the machine (Using CA-issued Key Pairs and Digital Certificates (P. 265)). A key pair can be generated with the machine (Generating Key Pairs (P. 258)).

CA Certificate

Digital certificates including CA certificates are similar to other forms of identification, such as driver's licenses. A digital certificate contains a digital signature, which enables the machine to detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital certificates. A digital certificate that contains a public key of a certification authority (CA) is referred to as a CA certificate. CA certificates are used for verifying the device the machine is communicating with for features such as printing with Google Cloud Print or IEEE 802.1X authentication. Up to 67 CA certificates can be registered, including the 62 certificates that are preinstalled in the machine (Using CA-issued Key Pairs and Digital Certificates (P. 265)).

Key and Certificate Requirements

The certificate contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA certificate from a computer, make sure that they meet the following requirements:

Format
Key pair: PKCS#12 *1
CA certificate: X.509v1 or X.509v3, DER (encoded binary), PEM

File extension
Key pair: ".p12" or ".pfx"
CA certificate: ".cer"

Public key algorithm (and key length)
RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits)

Certificate signature algorithm
SHA1-RSA, SHA256-RSA, SHA384-RSA *2, SHA512-RSA *2, MD5-RSA, or MD2-RSA

Certificate thumbprint algorithm
SHA1

*1 Requirements for the certificate contained in a key pair are pursuant to CA certificates.

*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
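A pre-install check of a certificate against the requirements above, as an added example that is not part of the Canon manual. It assumes the certificate has already been dumped to text in the layout of `openssl x509 -noout -text`; the function name `check`, the sample dumps, and the "weak" thresholds (MD2, MD5 and SHA-1 signatures, RSA keys of 512 or 1024 bits) are assumptions of this example, not statements from the manual.

```python
import re

# Signature algorithms from the manual's list, keyed by the name OpenSSL prints.
SIG_ALGS = {f"{h}WithRSAEncryption": f"{h.upper()}-RSA"
            for h in ("md2", "md5", "sha1", "sha256", "sha384", "sha512")}
KEY_BITS = {512, 1024, 2048, 4096}
EXTENSIONS = {"key pair": (".p12", ".pfx"), "CA certificate": (".cer",)}
# Assumption (not from the manual): values treated as too weak for new deployments.
WEAK_SIGS = {"MD2-RSA", "MD5-RSA", "SHA1-RSA"}
WEAK_BITS = {512, 1024}

def check(filename, kind, openssl_text):
    """Return (errors, warnings) for one file destined for the machine."""
    errors, warnings = [], []
    if not filename.lower().endswith(EXTENSIONS[kind]):
        errors.append(f"extension must be one of {EXTENSIONS[kind]}")
    sig = re.search(r"Signature Algorithm:\s*(\S+)", openssl_text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", openssl_text)
    is_rsa = "Public Key Algorithm: rsaEncryption" in openssl_text
    name = SIG_ALGS.get(sig.group(1)) if sig else None
    size = int(bits.group(1)) if bits else None
    if name is None:
        errors.append("signature algorithm is not on the manual's list")
    if not is_rsa or size not in KEY_BITS:
        errors.append("public key must be RSA 512/1024/2048/4096 bits")
    # Footnote *2: SHA384-RSA and SHA512-RSA need an RSA key of 1024 bits or more.
    if name in ("SHA384-RSA", "SHA512-RSA") and size is not None and size < 1024:
        errors.append(f"{name} requires RSA 1024 bits or more")
    if name in WEAK_SIGS:
        warnings.append(f"{name} is on the manual's list but weak")
    if is_rsa and size in WEAK_BITS:
        warnings.append(f"RSA {size} is on the manual's list but weak")
    return errors, warnings

# Constructed samples in the layout of `openssl x509 -noout -text` (not real certificates).
GOOD = """Signature Algorithm: sha256WithRSAEncryption
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)"""
LEGACY = GOOD.replace("sha256", "sha512").replace("2048", "512")
ECDSA = """Signature Algorithm: ecdsa-with-SHA256
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)"""

if __name__ == "__main__":
    for f, k, t in [("ca.cer", "CA certificate", GOOD),
                    ("old.pfx", "key pair", LEGACY), ("ec.pem", "CA certificate", ECDSA)]:
        print(f, check(f, k, t))
```

For a PKCS#12 key pair, extract the certificate first and dump that; warnings mark files the machine accepts that a current policy would normally reject.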
