Registration of keys and certificates, Definition of "weak encryption – Canon imageCLASS D1650 All-in-One Monochrome Laser Printer User Manual

●

IPSec supports communication to a unicast address (or a single device).

●

The machine cannot use both IPSec and DHCPv6 at the same time.

◼

Registration of Keys and Certificates

●

If you install a key or CA certificate from a computer, make sure that they meet the following requirements:

Format

●

Key: PKCS#12

*1

●

CA certificate: X.509 DER/PEM

File extension

●

Key: ".p12" or ".pfx"

●

CA certificate: ".cer" or ".pem"

Public key algorithm
(and key length)

●

RSA (512 bits, 1024 bits, 2048 bits, 4096 bits)

●

DSA (1024 bits, 2048 bits, 3072 bits)

●

ECDSA (P256, P384, P521)

Certificate signature algorithm

●

RSA: SHA-1, SHA-256, SHA-384

*2

, SHA-512

*2

, MD2, MD5

●

DSA: SHA-1

●

ECDSA: SHA-1, SHA-256, SHA-384, SHA-512

Certificate thumbprint algorithm SHA1

*1

Requirements for the certificate contained in a key are pursuant to CA certificates.

*2

SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

●

The machine does not support use of a certificate revocation list (CRL).

◼

Definition of "Weak Encryption"

When <Prohibit Use of Weak Encrypt.> is set to <On>, the use of the following algorithms is prohibited.

Hash:

MD4, MD5, SHA-1

HMAC:

HMAC-MD5

Common key cryptosystem:

RC2, RC4, DES

Public key cryptosystem:

RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024
bits), DH (512 bits/1024 bits)

●

Even when <Prohibit Weak Encryp. Key/Cert.> is set to <On>, the hash algorithm SHA-1, which is used for
signing a root certificate, can be used.

Appendix

685