KeyMan

1. What are CA and Peer certificates?

Certificates contained in a token establish trust. They define whom you trust. What trust means and the exact evaluation of the certificates depends on the application using the token. With KeyMan, you can setup two types of trust for certificates: CA and Peer. If you trust a certificate as CA, you implicitly trust any certificate directly or indirectly signed by this CA. If you set the trust level to "Peer," you trust only this particular certificate. Trust is not extended to certificates signed by a "Peer" certificate.

Back to top

2. What are these certificates that are neither private, nor CA, nor Peer certificates?

KeyMan tries to store for each private certificate the full chain up to the root certificate. These certificates need not be trusted and therefore will not appear among the CA or Peer certificates. You can find these certificates by selecting the key ring "All Certificate Items." The untrusted certificates have no icon.

Back to top

3. What is a token?

A token is a collection of keys, certificates, and CRLs. A token is stored on some media (such as a file, a URL, piece of hardware, etc.). There are different types of tokens with different capabilities: software tokens, hardware tokens, unprotected tokens, and tokens protected by passwords or PINs.

Back to top

4. What is a key ring?

A token consists of a set of key rings. A particular key ring identifies a specific set of items (such as certificates of the same trust level, or certificates for which you own the private key, or keys without matching certificates).

Back to top

5. Why are Sun JDK 1.1.8L (or above) and Microsoft jview 5.00.3188 (or above) recommended?

They are recommended because AWT has numerous bugs in different versions of JDK and across different platforms and because JIT compilers also have subtle bugs which have disastrous effects on cryptographic algorithms.

Back to top