crca (1)
Solaris man: User-level commands and application programs
    NAME
         crca - create and  initialize  organization's  Root  CA  key
         package and certificate
    
    SYNOPSIS
         crca [-v] [-e exponent] [-k keypkg_owner]
         [-l length]
    
    AVAILABILITY
         SUNWskica
    
    DESCRIPTION
         The crca utility creates and initializes a key package and
         self-signed certificate for an organization's Root Certification
         Authority (CA). The generated key package contains (among other
         information) an RSA key pair and a distinguished name identifying
         the Root CA. The generated key package and certificate are stored
         in the configured naming service (see fns(5)).
    
         The Root CA for which the key package and certificate credentials
         are generated is identified by keypkg_owner, which is an X.500
         distinguished name in string representation. If no keypkg_owner
         is provided, the user who is running crca will be prompted for
         one.
    
         The user is prompted to enter a password. This  password  is
         used  to generate an encryption key, under which the private
         key in  the  key  package  is  encrypted  (using  triple-DES
         encryption).
    
         The length and exponent arguments can be used to specify the
         length  of  the  key and the value of the public exponent of
         the RSA key pair being generated.
    
      Criteria for choosing your key length
         The security of RSA depends on the difficulty of factoring large
         numbers that are the product of two large primes. The larger the
         key size, the greater the security, but also the slower the RSA
         operations. To determine how long your key should be, you have to
         consider both the intended security and lifetime of the key, and
         the current state-of-the-art factoring techniques. Currently, the
         following RSA key sizes are supported by SKI: 512, 768, and 1024
         bits. CAs should choose the highest available key size when
         generating their own keypair, since the validity of so many other
         key pairs depends on the security of the one central key. Note
         that a larger key size has some performance impact: Doubling the
         key size would, on average, increase the time required for
         public-key operations (encryption and signature verification) by
         a factor of 4, and increase the time taken by private-key
         operations (decryption and signing) by a factor of 8. Key
         generation time would increase by a factor of 16 upon doubling
         the key size, but this is a relatively infrequent operation.
    
         The default key length for a Root CA is 1024 bits.
    
      Criteria for choosing the exponent of your public key
         The RSA public key is composed of the public exponent and the
         modulus. The two most commonly used values for the public key
         exponent are: F0=3 and F4=65537 (which is hex 01 00 01). F4
         stands for Fermat 4. The RSA algorithm calls for a public key
         exponent that has no common divisor with (p-1)(q-1), where p, q
         are the two primes. With F0 and F4, it is easier to find a p and
         q for which that criterion is met. F4 is a good choice for a
         public exponent because it is large, prime, and of low weight,
         where weight refers to the number of 1's in the binary
         representation.
    
         The default value for the public exponent is F4.
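
         Added example (not part of the original manual page and not SKI
         code): the public-exponent criterion and the "low weight" property
         described above, checked in Python. The primes are small
         constructed samples and all function names are illustrative.

```python
from math import gcd

F0 = 3       # Fermat number F0 = 2**(2**0) + 1
F4 = 65537   # Fermat number F4 = 2**(2**4) + 1, hex 01 00 01

def weight(e):
    """Number of 1 bits in the binary representation of e."""
    return bin(e).count("1")

def exponent_ok(e, p, q):
    """Criterion from the text: e has no common divisor with (p-1)(q-1)."""
    return gcd(e, (p - 1) * (q - 1)) == 1

def modexp_cost(e):
    """(squarings, multiplications) used by square-and-multiply for x**e."""
    return e.bit_length() - 1, weight(e) - 1

def private_exponent(e, p, q):
    """Inverse of e modulo (p-1)(q-1); exists only if exponent_ok() holds."""
    if not exponent_ok(e, p, q):
        raise ValueError("exponent shares a factor with (p-1)(q-1)")
    return pow(e, -1, (p - 1) * (q - 1))

def roundtrip(m, e, p, q):
    """Private-key operation followed by the public-key operation."""
    n, d = p * q, private_exponent(e, p, q)
    return pow(pow(m, d, n), e, n)

# Constructed sample primes (far too small for real keys).
PAIR_A = (2**31 - 1, 2**61 - 1)     # p-1 and q-1 are both divisible by 3
PAIR_B = (1000000007, 998244353)    # neither p-1 nor q-1 is divisible by 3

if __name__ == "__main__":
    for name, (p, q) in (("A", PAIR_A), ("B", PAIR_B)):
        for label, e in (("F0", F0), ("F4", F4)):
            verdict = "usable" if exponent_ok(e, p, q) else "rejected"
            print(name, label, verdict, "weight", weight(e),
                  "cost", modexp_cost(e))
    d = private_exponent(F4, *PAIR_B)
    print("private exponent cost:", modexp_cost(d))
    print("round trip:", roundtrip(42, F4, *PAIR_B))
```

         With PAIR_A the exponent F0 is rejected and the primes would have
         to be regenerated, while F4 is accepted for both pairs.
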
    
         Once the Root CA has been created, the ccreds(1) command can
         be called to create credentials for other users, machines or
         subordinate CAs.
    
      Root Certification Authority Operations
         Operations performed by a Root CA, including the execution of
         crca, are sensitive operations and should be performed on a
         standalone machine without any network access. Security is
         important because of the sensitivity of the Root CA's private
         key. A compromised Root CA's private key allows others to
         impersonate that CA.
    
    OPTIONS
         The following options are supported:
    
         -v      Give verbose output.
    
         -e exponent
                 Public exponent for RSA key  generation.  Either  F0
                 (numeric  value 3) or F4 (Fermat 4). By default, the
                 public exponent is F4.
    
         -k keypkg_owner
                 CA identity. This is a Distinguished Name in printable
                 representation, e.g. "o=SUN, c=US".
    
         -l length
                 This is the key length. Supported key sizes are 512,
                 768, and 1024. Defaults to 1024.
    
    SEE ALSO
         keypkg(1), ccreds(1)
    
    NOTES
         For software shipped outside North America, only 512 bit RSA
         key sizes are supported (default).
    
    
    
    

