Canon LBP352 - Configuring Settings for Key Pairs and Digital Certificates

To Next Page

To Previous Page

Conguring Settings for Key Pairs and Digital

Certicates

0X7U-04K

In order to encrypt communication with a remote device, an encryption key must be sent and received over an

unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensures

secure communication by protecting important and valuable information from attacks, such as sning, spoong, and

tampering of data as it ows over a network.

Key Pair

A key pair consists of a public key and a secret key, both of which are required for encrypting or

decrypting data. Because data that has been encrypted with one of the key pair cannot be

returned to its original data form without the other, public-key cryptography ensures secure

communication of data over the network. Up to eight key pairs, including the preinstalled pairs,

can be registered ( Using CA-issued Key Pairs and Digital Certicates(P. 326) ). For TLS

encrypted communication, a key pair can be generated for the machine ( Generating Key

Pairs(P. 317) ).

CA Certicate

Digital certicates including CA certicates are similar to other forms of identication, such as

driver's licenses. A digital certicate contains a digital signature, which enables the machine to

detect any spoong or tampering of data. It is extremely dicult for third parties to abuse

digital certicates. A digital certicate that contains a public key of a certication authority (CA)

is referred to as a CA certicate. CA certicates are used for verifying the device the machine is

communicating with for features such as printing with Google Cloud Print or IEEE 802.1X

authentication. Up to 150 CA certicates can be registered, including the 72 certicates that are

preinstalled in the machine ( Using CA-issued Key Pairs and Digital Certicates(P. 326) ).

◼

Key and Certicate Requirements

The certicate contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA

certicate from a computer, make sure that they meet the following requirements:

Format

● Key pair: PKCS#12

● CA certicate:

X.509v1 DER (encoded binary)

X.509v3 DER (encoded binary)

File extension

● Key pair: ".p12" or ".pfx"

● CA certicate: ".cer"

Public key algorithm

(and key length)

● Key Pair: RSA (512 bits

, 1024 bits, 2048 bits, 4096 bits)

● CA Certicate:

RSA (512 bits

, 1024 bits, 2048 bits, 4096 bits)

DSA (1024 bits/2048 bits/3072 bits)

Requirements for the certicate contained in a key pair are pursuant to CA certicates.

Not supported when the operating system of the device the machine communicates with is Windows 8/Server 2012. Encrypted

communication may also be unavailable with other Windows versions depending on the program update status.

SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

Security

315

Main Page

Canon LBP352 - Configuring Settings for Key Pairs and Digital Certificates

Table of Contents

Related product manuals