Red Hat DIRECTORY SERVER 8.1 - 11-01-2010 User Manual Page 31

7.2.4. Choose the key type and size
By clicking the Advanced tab you can choose some properties used for the
generation of your key pair: the Key size (1024, 2048 or 4096 bits) and the Key
type, which defines which cipher will be used (RSA or DSA & ElGamal).
In general, the larger the key size, the stronger the key and the greater the
processing power required for encryption and decryption. If you are going to send
a lot of messages that will be decrypted on old machines or on PDAs, you
should probably choose a 1024-bit key. Otherwise, you don't really need to
ponder your choice: the default option (2048-bit RSA key) offers excellent
security coupled with good usability, and will work fine.
See also FAQ entry 11.1.9.
7.2.5. Generate the key
Once you have made all these choices, simply click the Generate key button and
wait.
Your computer uses a large quantity of random numbers to
create the key. You may speed up the process by using the computer in the
meantime, or simply by typing randomly on the keyboard or wiggling the
mouse around to generate more randomness. On a modern computer, a
standard 2048-bit RSA key pair takes no more than a dozen seconds to
generate.
Congratulations! You just created your first key pair.
7.2.6. Generate the revocation certificate
As we just said, it may happen that your private key gets lost or compromised.
In this case it is of crucial importance to have a revocation certificate for that
specific key pair.
Once it finishes generating your key, Enigmail will offer to generate
such a certificate as well. If you accept (which we recommend), click on Generate
certificate. You will be asked where to save the revocation certificate file.
The revocation certificate file has an ASC extension to indicate it's in ASCII-
armored format, similar to uuencoded documents. This is the common file
format for exported certificates, key pairs, public keys, whole keyrings, and all
exported GnuPG output in general.
Keep the revocation certificate in a safe place and not on the same machine
where you installed Enigmail, so that if you ever lose your key pair (e.g. due to a hard drive
crash) you don't lose the revocation certificate with it. An external hard drive,
where you also put a backup copy of your key pair, will be fine.
The revocation certificate can be used to invalidate your key pair at any time.
You do not need to type your passphrase or physically have in your keyring the
key pair you are revoking, so this will work great even if you forgot your
passphrase or accidentally deleted your key pair. However, keep in mind that
anyone having access to the revocation certificate can revoke your key pair!
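
Because the revocation certificate may sit on a backup drive for years, it is worth confirming that the stored .asc file is still intact. The following is an added example, not part of the original manual or of Enigmail: it checks the ASCII-armor CRC-24 and that the first packet is a version 4 key revocation signature (type 0x20), following RFC 4880. The function names and the sample packet are constructed for illustration, and the sample is not a cryptographically valid signature.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 checksum used on the '=XXXX' line of ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap bytes in armor; used here only to build the constructed sample."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
            f"{body}\n={check}\n-----END PGP PUBLIC KEY BLOCK-----\n")

def check_revocation_cert(text: str) -> str:
    lines = [line.strip() for line in text.strip().splitlines()]
    if (len(lines) < 2 or not lines[0].startswith("-----BEGIN PGP")
            or not lines[-1].startswith("-----END PGP") or "" not in lines):
        return "not an ASCII-armored OpenPGP block"
    body = lines[lines.index("") + 1:-1]   # a blank line ends the armor headers
    if not body or not body[-1].startswith("="):
        return "missing CRC-24 line"
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stored = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except ValueError:
        return "corrupted base64 data"
    if crc24(data) != stored:
        return "CRC-24 mismatch: file is damaged"
    if len(data) < 8 or not data[0] & 0x80:
        return "no OpenPGP packet found"
    first = data[0]
    if first & 0x40:                       # new-format packet header
        tag = first & 0x3F
        hdr = 2 if data[1] < 192 else 3 if data[1] < 224 else 6
    else:                                  # old-format packet header
        tag = (first >> 2) & 0x0F
        hdr = 1 + (1, 2, 4, 0)[first & 3]
    # Signature packet (tag 2), version 4, signature type 0x20 = key revocation.
    if tag != 2 or data[hdr] != 4 or data[hdr + 1] != 0x20:
        return "intact, but not a v4 key revocation signature"
    return "ok"

SAMPLE = bytes([0x88, 0x06, 0x04, 0x20, 0x01, 0x08, 0x00, 0x00])  # constructed packet
```

A result of "ok" only shows that the file is undamaged and has the expected shape; it does not verify the signature itself.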