Configuring Settings for Key Pairs and Digital Certificates
0YSF-04U

In order to encrypt communication with a remote device, an encryption key must be sent and received over an unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensures secure communication by protecting important and valuable information from attacks, such as sniffing, spoofing, and tampering of data as it flows over a network.

Key Pair
A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one of the key pair cannot be returned to its original data form without the other, public-key cryptography ensures secure communication of data over the network. Up to eight key pairs, including the preinstalled pairs, can be registered (Using CA-issued Key Pairs and Digital Certificates (P. 329)). For TLS encrypted communication, a key pair can be generated for the machine (Generating Key Pairs (P. 320)).

CA Certificate
Digital certificates including CA certificates are similar to other forms of identification, such as driver's licenses. A digital certificate contains a digital signature, which enables the machine to detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital certificates. A digital certificate that contains a public key of a certification authority (CA) is referred to as a CA certificate. CA certificates are used for verifying the device the machine is communicating with for features such as printing with Google Cloud Print or IEEE 802.1X authentication. Up to 150 CA certificates can be registered, including the 72 certificates that are preinstalled in the machine (Using CA-issued Key Pairs and Digital Certificates (P. 329)).

◼ Key and Certificate Requirements
The certificate contained in a key pair generated with the machine conforms to X.509v3.
If you install a key pair or a CA certificate from a computer, make sure that they meet the following requirements:

Format
● Key pair: PKCS#12*1
● CA certificate:
  X.509v1 DER (encoded binary)
  X.509v3 DER (encoded binary)

File extension
● Key pair: ".p12" or ".pfx"
● CA certificate: ".cer"

Public key algorithm (and key length)
● Key pair: RSA (512 bits*2, 1024 bits, 2048 bits, 4096 bits)
● CA certificate:
  RSA (512 bits*2, 1024 bits, 2048 bits, 4096 bits)
  DSA (1024 bits/2048 bits/3072 bits)

*1 Requirements for the certificate contained in a key pair are pursuant to CA certificates.
*2 Not supported when the operating system of the device the machine communicates with is Windows 8/10/Server 2012. Encrypted communication may also be unavailable with other Windows versions depending on the program update status.
*3 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

Security 318
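A pre-upload check of a CA certificate file against the requirements listed above (file extension, DER encoding, X.509 version, public key algorithm and key length), as an added example that is not part of the original manual. The function names, the findings text and the sample bytes are constructed for illustration; the parser reads only the fields the requirements constrain and does not verify signatures or open PKCS#12 key pairs.

```python
OIDS = {bytes.fromhex("2a864886f70d010101"): "RSA", bytes.fromhex("2a8648ce380401"): "DSA"}
ALLOWED_BITS = {"RSA": {512, 1024, 2048, 4096}, "DSA": {1024, 2048, 3072}}  # from the table
SAMPLE = bytes.fromhex(  # constructed: unsigned X.509v3 skeleton with a 512-bit RSA key
    "3075306ea003020102020101" + "3000" * 4 + "305c300d06092a864886f70d0101010500"
    + "034b003048024100c1" + "00" * 62 + "01" + "0203010001" + "3000030100")

def children(buf):
    """Split the content of a constructed DER value into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def check_ca_cert(name, data):
    """Return findings for a CA certificate file; an empty list means nothing to flag."""
    found = []
    if not name.lower().endswith(".cer"):
        found.append("file extension must be .cer")
    if data[:1] != b"\x30":
        return found + ["not DER (encoded binary)"]
    try:
        tbs = children(children(children(data)[0][1])[0][1])  # Certificate -> tbsCertificate
        version = 1  # the [0] version field is omitted in X.509v1
        if tbs[0][0] == 0xA0:
            version, tbs = children(tbs[0][1])[0][1][-1] + 1, tbs[1:]
        alg, key = children(tbs[5][1])  # subjectPublicKeyInfo: algorithm, BIT STRING
        alg = children(alg[1])
        kind = OIDS[alg[0][1]]  # RSA: modulus in the BIT STRING; DSA: p in the parameters
        body = children(key[1][1:])[0][1] if kind == "RSA" else alg[1][1]
        bits = int.from_bytes(children(body)[0][1], "big").bit_length()
    except KeyError:
        return found + ["public key algorithm is neither RSA nor DSA"]
    except (ValueError, IndexError):
        return found + ["could not parse as an X.509 certificate"]
    if version not in (1, 3):
        found.append(f"X.509v{version} is not a listed format")
    if bits not in ALLOWED_BITS[kind]:
        found.append(f"{kind} {bits} bits is not a listed key length")
    elif bits == 512:
        found.append("RSA 512 bits: not supported with Windows 8/10/Server 2012")
    return found

print(check_ca_cert("ca.cer", SAMPLE))
```

A PEM-encoded certificate is reported as not DER; convert it to DER before running the check or uploading it.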