This page lets you specify the key algorithm that the certificate authority will use. The options are RSA and ECDSA.
Key Size
The following table will help you determine the restrictions on key size depending on your intended use:
Algorithm | Key Size | Key Usage | Type |
---|---|---|---|
RSA | 4096, 2048, 1024, 768, 512 Bits | Key Encipherment, Digital Signature, Data Encipherment | Unspecified, Encryption, Signature, Custom, TLS |
ECDSA | 384, 256, 521 Bits | Key Encipherment, Digital Signature, Data Encipherment | Unspecified, Encryption, Signature, Custom, TLS |
It is recommended to choose the largest key size possible. Larger keys are harder to break and provide a more secure environment for your cryptography-enabled application.
Key Type and Usage
These options allow you to select a key type. Each key type has predefined key usage values associated with it. This association is signified with a check in the check box next to the key usage value when the key type is selected.
These key usages are a subset of the key usages that have been defined in X.509 v3, and they serve different purposes. Data encipherment is asserted when the public key is to be used for encrypting user data (other than cryptographic keys). Key encipherment is asserted when the public key is to be used for encrypting or enciphering other cryptographic keys--for example, for key management purposes. Digital signature is asserted when the public key is used to validate or verify a digital signature.
Unspecified
This option is the default and does not activate any key usage in the certificate. Applications interpret this in one of two ways: either no key usages are turned on or they are all turned on.
Encryption
This option activates the Key Encipherment key usage.
Signature
This option activates the Digital Signature key usage.
SSL or TLS
This option configures the key so that it can be used in SSL or TLS transactions.
Custom
This option allows you to select any or all of the key usage options manually.
Set the Key Usage Extension to Critical
With any key type except Unspecified selected, you can mark the key usage extension as critical. Any extension that is critical must be understood by the receiving software before the certificate can be used for any purpose. Therefore, marking an extension as critical does pose some risk, since not all applications will be able to use the certificate. However, for well-known extensions such as key usage, the risk is minimal. In general, if key usage is specified, the extension should be marked critical.
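The key type selection and the critical setting described above end up as a handful of DER bytes in the issued certificate. The following is an added example, not code from NetIQ or from the original page: it encodes and decodes the X.509 v3 keyUsage extension in Python so the result can be compared with what a certificate viewer shows. The function names and the `KEY_TYPES` table are hypothetical, and only the three usages and the two fixed key types whose usages this page documents are modelled.

```python
# Added example: DER form of the X.509 v3 keyUsage extension (OID 2.5.29.15).
KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15
# Bit positions from the X.509 KeyUsage definition (only the three on this page).
BITS = {"digitalSignature": 0, "keyEncipherment": 2, "dataEncipherment": 3}
# Key type -> usages as this page describes them (hypothetical table name).
# "Unspecified" writes no extension; "Custom" is any subset of BITS.
KEY_TYPES = {"Encryption": {"keyEncipherment"}, "Signature": {"digitalSignature"}}


def encode_key_usage(usages, critical):
    """Return the DER-encoded Extension carrying the given usage names."""
    if not usages:
        raise ValueError("no usages selected: omit the extension instead")
    value = 0
    for name in usages:
        value |= 0x80 >> BITS[name]  # named bit 0 is the most significant bit
    unused = (value & -value).bit_length() - 1  # trailing zero bits, not encoded
    bit_string = bytes([0x03, 0x02, unused, value])
    body = KEY_USAGE_OID
    if critical:  # critical is DEFAULT FALSE, so DER encodes it only when TRUE
        body += bytes([0x01, 0x01, 0xFF])
    body += bytes([0x04, len(bit_string)]) + bit_string
    return bytes([0x30, len(body)]) + body


def decode_key_usage(ext):
    """Parse an Extension as built above; return (critical, set of usage names)."""
    if len(ext) < 13 or ext[0] != 0x30 or ext[1] != len(ext) - 2:
        raise ValueError("truncated or malformed Extension")
    if ext[2:7] != KEY_USAGE_OID:
        raise ValueError("not a keyUsage extension")
    pos, critical = 7, False
    if ext[pos] == 0x01:  # optional critical BOOLEAN
        critical = ext[pos + 2] != 0x00
        pos += 3
    if ext[pos:pos + 4] != bytes([0x04, 0x04, 0x03, 0x02]):
        raise ValueError("expected OCTET STRING wrapping a one-byte BIT STRING")
    value = ext[pos + 5]  # content byte that follows the unused-bits count
    return critical, {n for n, b in BITS.items() if value & (0x80 >> b)}


if __name__ == "__main__":
    for key_type, usages in KEY_TYPES.items():
        der = encode_key_usage(usages, critical=True)
        print(key_type, der.hex(), decode_key_usage(der))
```

A Custom selection of Digital Signature plus Key Encipherment, marked critical, encodes to `30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0`; the `01 01 ff` triplet is the critical flag and is simply absent when the box is left unchecked.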