Re: Key length question

From: Michel Gallant (neutron@istar.ca)
Date: 06/28/02


From: Michel Gallant <neutron@istar.ca>
Date: Fri, 28 Jun 2002 10:13:15 -0400


When you "request a certificate" from an issuing CA, what you
actually do FIRST is locally (on your own machine) generate a
public and private key with a fixed length, which you can often
select (range depending on CSP installed in your OS). When you
send this request object (only containing your public key and information
to be placed in the certificate) the CA validates the information and signs
the certificate itself and returns it to you for installation. The CA never
actually sees the private key, nor has any effect on the generated key length.
 - Mitch Gallant
    http://home.istar.ca/~neutron/wsh

Eric wrote:

> Thanks for your answer,
>
> However, this is the case when creating the certificate from IE for
> instance.
> What I was asking is the case where my organisation is a CA issuing
> certificates for our clients using MS Certificate Server. But I guess it's
> the same, it depends on the machine running MS Certificate Server?
> What about the Session key if I use the CryptoAPI what can be the length?
> Thanks
> Eric
>
> "Yu Chen (MS)" <yuchen@online.microsoft.com> wrote in message
> news:unzWUZjHCHA.1632@tkmsftngp10...
> > Since the key pair is generated by the requesting party, i.e. your client
> > machine,
> > the key length is determined by the OS on your client machine.
> > If you have W2k SP2 installed, the machine has RSA enhanced csp and the
> > default RSA key length is 1024 bits. Of course you can choose other lengths
> > when generating the key pair, such as 512, 2048.
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> >
> > "Eric" <eric.h@netcourrier.com> wrote in message
> > news:uhdRzLfHCHA.1876@tkmsftngp12...
> > > Hi,
> > >
> > > Does the key length in a PKI architecture depend only on the CA that
> > > provides the certificates?
> > > I mean, if I setup the MS Certificate Services on Win2k for issuing
> > > certificates, what will be the maximum key length? Does it depend on the
> > > Operating system? on the MS Certificate Services?
> > >
> > > Thanks
> > > Eric
> > >
> > >
> >
> >
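
Added example, not part of the original thread: the request flow described in the reply above, showing that the key length is fixed when the requester generates the key pair and that the request sent to the CA carries only the public key. It assumes the `openssl` command-line tool in place of a Windows CSP; the subject name, file names and key sizes are constructed for the example.

```shell
#!/bin/sh
# Added example: requester-side key generation and what the CA receives.
# Assumes the openssl CLI is installed; subject and file names are constructed.

# make_request BITS DIR: generate an RSA key pair of BITS bits locally, writing
# the private key to DIR/client.key and the PKCS#10 request to DIR/client.csr.
make_request() {
    openssl req -new -newkey "rsa:$1" -nodes \
        -keyout "$2/client.key" -out "$2/client.csr" \
        -subj "/CN=client.example.test" 2>/dev/null
}

# csr_key_bits FILE: the key length a CA can read out of the request.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_has_private_key FILE: succeeds only if FILE holds a PEM private key.
csr_has_private_key() {
    grep -q 'PRIVATE KEY' "$1"
}

# csr_signature_ok FILE: the request is signed with the requester's private
# key, so the CA can check proof of possession without seeing that key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

demo() {
    dir=$(mktemp -d) || return 1
    for bits in 2048 3072; do
        make_request "$bits" "$dir" || return 1
        echo "requested $bits bits, request reports $(csr_key_bits "$dir/client.csr")"
        if csr_has_private_key "$dir/client.csr"; then
            echo "  request contains a private key (unexpected)"
        else
            echo "  request contains no private key"
        fi
        csr_signature_ok "$dir/client.csr" && echo "  self-signature verifies"
    done
    rm -rf "$dir"
}

demo
```

Only `client.csr` would be submitted to the CA; `client.key` stays on the requesting machine.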


