Public/Private Key Pair Registry Key
OVERVIEW
Secure communications require RSA keys. 1024-bit or 2048-bit key lengths are
typically used today. Longer keys are usually required to protect highly
sensitive information and to increase protection as the computing capacity
available to break a key (that is, to determine the private key associated
with a published public key) increases. The JNIOR automation is not intended
for use in extremely secure environments, and its processing capabilities
limit it to a maximum 1024-bit key pair.
As shipped, the JNIOR is factory configured with a standard 1024-bit key. At
some point, if SSL remains enabled and the JNIOR is connected to an active
network, JANOS will initiate the 'Security Update' process. This will
generate a unique 1024-bit key, replacing the default.
The RSA Key or key pair is required to establish encrypted SSL/TLS
communications. It is the two-part key, with a private part and a public
part, that allows two parties to privately exchange information. The key pair
is used in creating a Certificate that not only conveys the public part of
the key to others but serves as device authentication. Certificates are
digitally signed using the RSA key.
By default the JNIOR creates, and self-signs, its own Certificate. With JANOS
v2.5.1 and later this certificate is instead signed by the INTEG Root Certificate
Authority. Both the device certificate and INTEG Root Certificate are supplied
upon connection. You may import the root certificate to your Windows Trusted
Root Certification Authorities store allowing any JNIOR running JANOS v2.5.1
or later to be connected securely (avoiding warnings). The CERTMGR -V command
can be used to verify the current RSA Key and Certificate.

bruce_dev2 /> certmgr -v
1024-bit key pair verifies
private key operation requires about 2.3 seconds
certificate:
Issuer C=US, ST=Pennsylvania, L=Gibsonia, O=INTEG Process Group, Inc.,
OU=JNIOR Automation, CN=INTEG Root Certificate Authority
Subject O=INTEG Process Group, Inc., OU=JNIOR Automation, CN=bruce_dev2
is signed by Issuer

As can be seen from this, RSA operations are time-consuming. Security
calculations are designed to be so. It is the effort in performing the
calculations that makes it extremely difficult for others to attempt to
decode the private part of the key. You rely on this. Fortunately, the RSA
calculation is performed only once in setting up a secure connection to
convey a unique one-time shared secret that the two parties will then use
to efficiently encrypt and decrypt their communications.
The CERTMGR command may also be used to install an externally generated RSA
key pair. This is limited to a 1024-bit key length. The Security Update
process will not overwrite an externally loaded key pair. The CERTMGR command
also allows you to install and manage an externally generated Certificate.
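
As an added example (not part of the JANOS documentation or INTEG's code), the Python below parses captured CERTMGR -V output in the format shown above, rejoins the wrapped Issuer line, and lists anything that differs from the state described for JANOS v2.5.1 and later. The function names and finding texts are assumptions made for this example, and it relies only on the output lines that appear in the sample.

```python
import re

INTEG_ROOT_CN = "CN=INTEG Root Certificate Authority"  # issuer CN in the page's sample

def parse_certmgr(text):
    """Parse `certmgr -v` output, rejoining Issuer/Subject lines that wrap."""
    info = {"key_bits": None, "key_verifies": False, "priv_op_seconds": None,
            "issuer": "", "subject": "", "signed_by_issuer": False}
    field = None  # DN field that a continuation line would extend
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("Issuer ", "Subject ")):
            field = line.split(" ", 1)[0].lower()
            info[field] = line.split(" ", 1)[1]
            continue
        if field and line and line != "is signed by Issuer":
            info[field] += " " + line  # wrapped DN continues here
            continue
        field = None
        if key := re.fullmatch(r"(\d+)-bit key pair (.+)", line):
            info["key_bits"], info["key_verifies"] = int(key[1]), key[2] == "verifies"
        elif cost := re.fullmatch(r"private key operation requires about ([\d.]+) seconds", line):
            info["priv_op_seconds"] = float(cost[1])
        elif line == "is signed by Issuer":
            info["signed_by_issuer"] = True
    return info

def audit(info):
    """List what differs from the state the page describes for JANOS v2.5.1 and later."""
    findings = []
    if not info["key_verifies"]:
        findings.append("key pair did not verify")
    if info["issuer"] == info["subject"]:
        findings.append("self-signed: issuer equals subject")
    elif INTEG_ROOT_CN not in info["issuer"]:
        findings.append("issuer is not the INTEG root")
    if not info["signed_by_issuer"]:
        findings.append("no 'is signed by Issuer' line")
    return findings

PAGE_SAMPLE = """bruce_dev2 /> certmgr -v
1024-bit key pair verifies
private key operation requires about 2.3 seconds
certificate:
Issuer C=US, ST=Pennsylvania, L=Gibsonia, O=INTEG Process Group, Inc.,
OU=JNIOR Automation, CN=INTEG Root Certificate Authority
Subject O=INTEG Process Group, Inc., OU=JNIOR Automation, CN=bruce_dev2
is signed by Issuer"""
print(audit(parse_certmgr(PAGE_SAMPLE)))  # the page's own sample
```

A device whose Issuer is neither itself nor the INTEG root is reported as well, which is the expected result when an externally generated Certificate has been installed with CERTMGR.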
SEE ALSO
HELP Topics:
CERTMGR
[/flash/manpages/registry.hlp:1222]