JANOS Help System: [Commands] [Topics] [Tech Support] [Printable Manual] [Search]
Public/Private Key Pair Registry Key OVERVIEW Secure communications require RSA keys. 1024-bit or 2048-bit key lengths are typically used today. Longer keys are usually required to protect highly sensitive information and to increase protection as the computer capacity to break (determine the private key associated with a published public key) increases. The JNIOR control is not intended for use in extremely secure environments and its processing capabilities limit it to a maximum 1024-bit key pair. As shipped the JNIOR is factory configured with a standard 512-bit key. At some point if SSL remains enabled and the JNIOR is connected to an active network, JANOS will initiate the 'Security Update' process. This will generate a unique 1024-bit key replacing the default. This procedure will take an hour or more to complete during which time the JNIOR remains fully functional. This can also be interrupted and restarted as you need. The RSA Key or key pair is required to establish encrypted SSL/TLS communications. It is the two-part key, with a private part and a public part, that allows two parties to privately exchange information. The key pair is used in creating a Certificate that not only conveys the public part of the key to others but serves as device authentication. Certificates are digitally signed using the RSA key. By default the JNIOR creates, and self-signs, its own Certificate. The CERTMGR -V command can be used to verify the current RSA Key and Certificate. jr615010258 /> certmgr -v 1024-bit key pair verifies private key operation requires about 4.0 seconds certificate: Issuer O=INTEG Process Group, OU=JNIOR Controllers, CN=jr615010258 Subject O=INTEG Process Group, OU=JNIOR Controllers, CN=jr615010258 is self-signed valid with current key pair jr615010258 /> As can be seen from this, RSA operations are time-consuming. Security calculations are designed to be so. It is the effort in performing the calculations that makes it extremely difficult for others to attempt to decode the private part of the key. You rely on this. Fortunately, the RSA calculation is performed only once in setting up a secure connection to convey a unique one-time shared secret that the two parties will then use to efficiently encrypt and decrypt their communications. The CERTMGR command may also be used to install an externally generated RSA key pair. This is limited to a 1024-bit key length. The Security Update process will not overwrite an externally loaded key pair. JANOS can work with keys up to 4096-bit should that be in use by the remote party seeking connection. The CERTMGR command also allows you to install and manage an externally generated Certificate. SEE ALSO HELP Topics: CERTMGR [/flash/manpages/registry.hlp:1005]