Specify an RSA Key Size and Use

Key Size
Use the drop-down list to select a key size.

We recommend that you choose the largest RSA** key size possible. Larger keys are harder to break and provide a more secure environment for your cryptography-enabled application.

Note: Novell Certificate Server queries the server that the key pair is generated on for the largest key size it supports. The mass market exportable version of NICI (Novell* International Cryptography Infrastructure) is limited to 512-bit RSA** keys for data encryption. The U.S. and Canadian version of NICI supports key sizes up to 2,048 bits.

See key size for a table describing restrictions on key size depending on your intended use.

Key Type and Usage
These options allow you to select a key type. Each key type has predefined key usage values associated with it. This association is signified with a check in the check box next to the key usage value when the key type is selected.

These key usages are a subset of the key usages that have been defined in X.509 v3, and they serve different purposes. Data encipherment is asserted when the public key is to be used for encrypting user data (other than cryptographic keys). Key encipherment is asserted when the public key is to be used for encrypting or enciphering other cryptographic keys--for example, for key management purposes. Digital signature is asserted when the public key is used to validate or verify a digital signature.

Unspecified
This option is the default and does not activate any key usage in the certificate. Applications will interpret this in one of two ways: either no key usages are turned on or they are all turned on.
Certificate Authority
This option configures the key so it can be used for the operations of the signature authority. This option activates the Certificate Signing and CRL Signing key usages.
Custom
This option allows you to select any or all of the key usage options manually.

Set the Key Usage Extension to Critical
With any key type except Unspecified selected, you can mark the key usage extension as critical. Any extension that is critical must be understood by the receiving software before the certificate can be used for any purpose. Therefore, marking an extension as critical does pose some risk, since not all applications will be able to use the certificate. However, for well-known extensions such as key usage, the risk is minimal. In general, if key usage is specified, the extension should be marked critical.

* Novell trademark. ** Third-party trademark. For more information, see Trademarks.