SigningAlgorithmConstraints Plug-in Module
Chapter
3
Constraints Policy Plug-in Modules
111
•
The maximum key size permitted for certificates is 2048 bits (
maxSize=2048
).
•
The exponents allowed are 3, 7, 17, and 65537 (
exponents=3,7,17,65537
).
For details on individual parameters defined in the rule, see Table 3-9 on page 109.
You need to review this rule and make the changes appropriate for your PKI setup.
For instructions, see section “Step 2. Modify Existing Policy Rules” in Chapter 18,
“Setting Up Policies” of CMS Installation and Setup Guide. For instructions on
adding additional instances, see section “Step 4. Add New Policy Rules” in the
same chapter.
SigningAlgorithmConstraints Plug-in Module
The
SigningAlgorithmConstraints
plug-in module implements the signing
algorithm constraints policy. This policy restricts the requested signing algorithm
to be one of the algorithms supported by Certificate Management System: MD2
with RSA, MD5 with RSA, and SHA-1 with RSA, if the Certificate Manager’s
signing key is RSA and SHA-1 with DSA, if the Certificate Manager’s signing key is
DSA.
When a Certificate Manager digitally signs a message, it generates a compressed
version of the message called a message digest. Some of the algorithms used to
produce this digest include MD5 and SHA-1 (Secure Hash Algorithm).
•
MD5 generates a 128-bit message digest. Most existing software applications
that handle certificates only support MD5.
•
SHA-1 generates a 160-bit message digest. Some software applications do not
yet support the SHA-1 algorithm. For example, Netscape Navigator 3.0 (or
higher) and Enterprise Server 2.01 (or higher) support SHA-1; previous
versions of these applications do not support SHA-1.
You may apply this policy to end-entity certificate enrollment and renewal
requests.
During installation, Certificate Management System automatically creates an
instance of the signing algorithm constraints policy. See “SigningAlgRule Rule” on
page 114.
Содержание Certificate Management System 6.0
Страница 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Страница 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 126: ...ValidityConstraints Plug in Module 126 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 266: ...LdapSubjAttrMap Plug in Module 266 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 324: ...DNs in Certificate Management System 324 Netscape Certificate Management System Plug Ins Guide March 2002...
Страница 370: ...CA Certificates and Extension Interactions 370 Netscape Certificate Management System Plug Ins Guide March 2002...