Canon Color imageCLASS MF632Cdw imageCLASS MF735Cdw/MF733Cdw/MF731Cdw/MF634Cdw - Page 722
Registration of Keys and Certificates, Definition of Weak Encryption
View all Canon Color imageCLASS MF632Cdw manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 722 highlights
Appendix ● IPSec supports communication to a unicast address (or a single device). ● The machine cannot use both IPSec and DHCPv6 at the same time. ● IPSec is unavailable in networks in which NAT or IP masquerade is implemented. ◼ Registration of Keys and Certificates ● A certificate and key that can be generated by the machine conform to X.509v3. If you install a key or CA certificate from a computer, make sure that they meet the following requirements: Format ● Key: PKCS#12*1 ● CA certificate: X.509v1 or X.509v3, DER (encoded binary), PEM File extension ● Key: ".p12" or ".pfx" ● CA certificate: ".cer" or ".pem" Public key algorithm (and key length) RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits), ECDSA (P256, P384, P521) Certificate signature algorithm SHA1-RSA, SHA256-RSA, SHA384-RSA*2, SHA512-RSA*2, MD5-RSA, MD2-RSA, SHA1-ECDSA, SHA256-ECDSA, SHA384-ECDSA, or SHA512-ECDSA Certificate thumbprint algorithm SHA1 *1Requirements for the certificate contained in a key are pursuant to CA certificates. *2SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more. ● The machine does not support use of a certificate revocation list (CRL). ◼ Definition of "Weak Encryption" When is set to , the use of the following algorithms is prohibited. Hash: MD4, MD5, SHA-1 HMAC: HMAC-MD5 Common key cryptosystem: RC2, RC4, DES Public key cryptosystem: RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) ● Even when is set to , the hash algorithm SHA-1, which is used for signing a root certificate, can be used. 714