McAfee MEJCAE-AM-DA Product Guide - Page 20
4 Creating and Exchanging Keys

This section describes how to generate, view, and manage the public and private key pair that you need to correspond with other E-Business Server users. It also explains how to distribute your public key and obtain the public keys of others so that you can begin exchanging private and authenticated information.

Choosing a key type

E-Business Server provides you with two key types to choose from: Diffie-Hellman/DSS and RSA. Versions of E-Business Server prior to 5.0 used RSA keys exclusively. Versions later than 5.0 introduced the ElGamal variant of Diffie-Hellman technology.

With E-Business Server versions 7.0 and above, the RSA key format has been improved to provide support for features previously available only to Diffie-Hellman/DSS keys: support for Additional Decryption Keys (ADKs), designated revokers, multiple encryption subkeys, and photo ID features. These features are not available to users with RSA keys created prior to Version 7.0, now known as RSA Legacy keys.

Which key type is the right choice for you?

• Choose Diffie-Hellman/DSS or RSA if you want to take advantage of many E-Business Server key features, including Additional Decryption Keys (ADKs), designated revokers, multiple encryption subkeys, and photo IDs.
• Choose RSA or RSA Legacy if you plan to correspond with people who are using RSA keys.
• Choose RSA Legacy only if those you communicate with are using older versions of E-Business Server; otherwise choose the new RSA key format. (The two versions are not compatible with each other.)

Note: The RSA key type is only fully compatible with E-Business Server versions 7.0 and above, and some other OpenPGP applications. If you plan to correspond with people who are still using RSA Legacy keys, you might want to generate an RSA Legacy key pair, which is compatible with older versions of the program.
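To see how the three key types above correspond to what an OpenPGP application reads off the wire, here is an added example in Python (not from the product guide or from E-Business Server itself) that parses an OpenPGP public-key packet header and classifies the key. It assumes that the guide's "RSA Legacy" keys are OpenPGP version 3 key packets and that "RSA" and "Diffie-Hellman/DSS" keys are version 4 RSA and DSA packets (RFC 4880 layouts); the sample packets are constructed inline with a dummy MPI and are not real keys.

```python
"""Classify an OpenPGP public-key packet into the product guide's key types.
Assumption (not stated on the page): 'RSA Legacy' = version 3 key packet,
'RSA' = version 4 RSA packet, 'Diffie-Hellman/DSS' = version 4 DSA primary key."""
import struct

# RFC 4880 public-key algorithm IDs
ALGO_RSA, ALGO_ELGAMAL, ALGO_DSA = 1, 16, 17

def parse_public_key_packet(data: bytes) -> dict:
    """Parse an old-format OpenPGP packet header followed by a key packet body."""
    tag_byte = data[0]
    if not tag_byte & 0x80 or tag_byte & 0x40:
        raise ValueError("expected an old-format packet header")
    tag, len_type = (tag_byte >> 2) & 0x0F, tag_byte & 0x03
    if tag not in (5, 6):                 # secret-key / public-key packet tags
        raise ValueError(f"not a key packet (tag {tag})")
    hdr = 2 if len_type == 0 else 3 if len_type == 1 else 5
    body_len = int.from_bytes(data[1:hdr], "big")
    body = data[hdr:hdr + body_len]
    version = body[0]
    created = struct.unpack(">I", body[1:5])[0]
    if version == 3:                      # v3: 2-byte validity period precedes the algorithm
        validity_days = struct.unpack(">H", body[5:7])[0]
        algo, mpi_start = body[7], 8
    elif version == 4:                    # v4: algorithm follows the creation time directly
        validity_days, algo, mpi_start = 0, body[5], 6
    else:
        raise ValueError(f"unsupported key packet version {version}")
    # First MPI: 2-byte bit length, then the modulus (RSA) or prime p (DSA)
    bits = struct.unpack(">H", body[mpi_start:mpi_start + 2])[0]
    return {"version": version, "algo": algo, "bits": bits,
            "created": created, "validity_days": validity_days}

def ebs_key_type(info: dict) -> str:
    """Map the parsed packet onto the guide's three key types (assumed mapping)."""
    if info["algo"] == ALGO_RSA:
        return "RSA Legacy" if info["version"] == 3 else "RSA"
    if info["algo"] == ALGO_DSA and info["version"] == 4:
        return "Diffie-Hellman/DSS"
    return "unknown"

def build_packet(version: int, algo: int, bits: int, created=0, validity=0) -> bytes:
    """Constructed sample packet with one dummy MPI; not a usable key."""
    mpi = struct.pack(">H", bits) + b"\x80" + b"\x00" * ((bits + 7) // 8 - 1)
    body = bytes([version]) + struct.pack(">I", created)
    body += (struct.pack(">H", validity) if version == 3 else b"")
    body += bytes([algo]) + mpi
    # Old-format header: 0x80 | (tag 6 << 2) | length-type 1 (two-byte length)
    return bytes([0x80 | (6 << 2) | 1]) + struct.pack(">H", len(body)) + body
```

Feeding an exported key's first packet to parse_public_key_packet shows whether a correspondent's RSA key is the legacy (v3) format or the newer v4 format before you decide which key type to generate.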
Creating a key pair

Unless you have already done so while using another version of E-Business Server, the first thing you need to do before sending or receiving encrypted and signed email is create a new key pair. A key pair consists of two keys: a private key that only you possess and a public key that you freely distribute to those with whom you correspond. You generate a new key pair from the E-Business Server command line.

Note: If you are upgrading from an earlier version of E-Business Server, you have probably already generated a private key and have distributed its matching public key to those with whom you correspond. In this case, you don't have to make a new key pair (as described in the next section). Instead, use the PUBRING and SECRING parameters in the E-Business Server configuration file to point to your keyrings. For more information, see Specifying configuration values on page 86.

Tip: It's best to create the fewest number of key pairs possible. You generally need only one key pair. However, if you want one key pair for office use and one for home use, consider the potential disadvantages: if you place both public keys on a public key server, will someone who wants to send you encrypted information know which key to use? Will you remember the passphrases for both keys? It's tempting to create multiple sets of keys, but later you might find yourself wishing you hadn't.

To create a key pair:

1 Enter the following at the command line:

ebs --key-gen

2 Choose a key type.

E-Business Server™ 8.6 Product Guide 18