PKI Services supports the following standards for public key cryptography:
- Secure Sockets Layer (SSL) version 2 and version 3, with client authentication
- PKCS #10 browser and server certificate format, with a base64-encoded response
- IPSEC certificate format
- S/MIME certificate format
- Browser certificates for:
  - 32-bit versions of Microsoft Internet Explorer
  - Mozilla-based browsers such as Mozilla Firefox
- Server certificates
- LDAP standard for communications with the Directory
- X.509v3 certificates
- Certificate revocation lists (CRLv2)
- RSA and Elliptic Curve Cryptography (ECC) algorithms for encryption and signing:
  - RSA key lengths from 512 bits up to 4096 bits
  - NIST ECC key lengths of 192, 224, 256, 384, and 521 bits
  - Brainpool ECC key lengths of 160, 192, 224, 256, 320, 384, and 512 bits
- DSA algorithms for signing:
  - Key lengths up to 1024 bits
- MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 hash algorithms
- Online Certificate Status Protocol (OCSP)
- Simple Certificate Enrollment Protocol (SCEP)
- Certificate Management Protocol (CMP)
The LDAP standard that PKI Services supports is LDAP version 2. A directory using LDAP version 3 (with RFC 1779 syntax) is acceptable if it is backward compatible with version 2.