McAfee MEJCAE-AM-DA Product Guide - Page 23

Creating a passphrase that you will remember, RSA Legacy



21 E-Business Server 8.6 Product Guide
Creating and Exchanging Keys

If you want to use a smart card other than one that we have listed as being supported, then you must set the SMARTCARD-TYPE to other, as well as specify the path to the DLL to use with it by setting the SMARTCARD-DLL parameter. You can also set this on the command line using --smartcard-dll. For more information on specifying the DLL, see SMARTCARD-DLL on page 105.

To create a key pair on a smart card:

1 Put your smart card in the smart card reader.

  Caution: Removing your smart card from the smart card reader while generating a new key pair on the smart card, or when using the keys on your smart card in later commands, may result in unpredictable behavior.

2 Enter the following on the command line:

  ebs --key-gen [--smartcard-type <type> [--smartcard-dll <path to dll>]] --smartcard

3 Do one of the following:
  • Enter 2 to create an RSA key.
  • Enter 3 to create an RSA Legacy key.

  Note: Diffie-Hellman/DSS keys are not supported on smart cards.

4 Enter 1024 for the key size. (Due to the limited space on current smart cards, key sizes other than 1024 bits may not be supported.)

5 Enter the text that will comprise your user ID (149 characters, maximum). E-Business Server prompts you with instructions. It’s not absolutely necessary to enter your real name or even your email address. However, using your real name makes it easier for others to identify you as the owner of your public key. For example:

  Robert M. Huang <[email protected]>

  If you do not have an email address, use your phone number or some other unique information that would help ensure that your user ID is unique.

6 Enter your smart card PIN number as your passphrase.

Your new key pair is generated and stored directly on your smart card.

For information on viewing the contents of your smart card, see Viewing your keys on page 28.

Creating a passphrase that you will remember

Encrypting a file and then finding yourself unable to decrypt it is a painful lesson in learning how to choose a passphrase you will remember. Most applications require a single word password between three and eight letters. For a couple of reasons we do not recommend that you use a single-word passphrase. A single word password is vulnerable to a dictionary attack, which consists of having a computer try all the words in the dictionary until it finds your password. To protect against this manner of attack, it is widely recommended that you create a word that includes a combination of upper and lowercase alphabetic letters, numbers, punctuation marks, and spaces. This results in a stronger password, but an obscure one that you are unlikely to remember easily.
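
The dictionary-attack reasoning in this section, put into numbers as an added example (it is not part of the product guide and is not E-Business Server code). The word list, DICTIONARY_SIZE, DECORATION_RULES and CHARSET are assumptions chosen for illustration; the point is the relative cost of a plain word, a decorated word and a multiple word passphrase under the same model.

```python
import math
import re

# Constructed stand-in for an attacker's word list (real lists are far larger).
SAMPLE_WORDS = {"password", "dragon", "monkey", "purple", "window",
                "river", "candle", "orbit", "velvet", "harbor"}
DICTIONARY_SIZE = 100_000  # assumption: entries in a realistic word list
DECORATION_RULES = 1_000   # assumption: case/digit/symbol variants tried per word
CHARSET = 95               # printable ASCII, for tokens that match no word

# Common character substitutions a dictionary attack undoes before lookup.
SUBSTITUTIONS = str.maketrans("0134578@$", "oieastbas")


def base_word(token: str) -> str:
    """Strip leading/trailing decoration, undo substitutions, keep letters only."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", token)
    return re.sub(r"[^a-z]", "", core.lower().translate(SUBSTITUTIONS))


def estimated_guesses(passphrase: str) -> int:
    """Worst-case guesses for a dictionary attack that also tries decorated words."""
    guesses = 1
    for token in passphrase.split():
        if base_word(token) in SAMPLE_WORDS:
            plain = token.isalpha() and token.islower()
            guesses *= DICTIONARY_SIZE * (1 if plain else DECORATION_RULES)
        else:
            guesses *= CHARSET ** len(token)  # no word found: brute force
    return guesses


def strength_bits(passphrase: str) -> float:
    """The same estimate expressed in bits."""
    return math.log2(estimated_guesses(passphrase))


if __name__ == "__main__":
    for candidate in ("dragon", "Dr@gon1!", "purple river candle orbit"):
        print(f"{candidate!r:30} ~{strength_bits(candidate):5.1f} bits")
```

Under these assumptions the decorated single word gains only the factor DECORATION_RULES over the plain word, while each additional dictionary word multiplies the search space by DICTIONARY_SIZE.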

Trying to thwart a dictionary attack by arbitrarily inserting a lot of funny non-alphabetic characters into your passphrase has the effect of making your passphrase too easy to forget and could lead to a disastrous loss of information because you can’t decrypt your own files. A multiple word passphrase is less vulnerable to a dictionary attack. However, unless the passphrase you choose is something that is easily committed to long-term memory, you are unlikely to remember it verbatim. Picking a phrase on the spur of the moment is likely to result in forgetting it entirely. Choose something that is already residing in your long-term