KeyMan
A tool for managing keys, certificates, certificate revocation lists (CRLs), and the respective repositories for storing and retrieving these items.
Date Posted: June 30, 2000
Certificates contained in a token establish trust. They define whom you trust. What trust means and the exact evaluation of the certificates depends on the application using the token. With KeyMan, you can set up two types of trust for certificates: CA and Peer. If you trust a certificate as CA, you implicitly trust any certificate directly or indirectly signed by this CA. If you set the trust level to "Peer," you trust only this particular certificate. Trust is not extended to certificates signed by a "Peer" certificate.

KeyMan tries to store for each private certificate the full chain up to the root certificate. These certificates need not be trusted and therefore will not appear among the CA or Peer certificates. You can find these certificates by selecting the key ring "All Certificate Items." The untrusted certificates have no icon.

A token is a collection of keys, certificates, and CRLs. A token is stored on some media (such as a file, a URL, piece of hardware, etc.). There are different types of tokens with different capabilities: software tokens, hardware tokens, unprotected tokens, and tokens protected by passwords or PINs.

A token consists of a set of key rings. A particular key ring identifies a specific set of items (such as certificates of the same trust level, or certificates for which you own the private key, or keys without matching certificates).

They are recommended because AWT has numerous bugs in different versions of JDK and across different platforms and because JIT compilers also have subtle bugs which have disastrous effects on cryptographic algorithms.
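The CA and Peer trust levels described above, together with chain certificates that are stored but untrusted, can be modelled as one possible application-side evaluation. This is an added example, not KeyMan code: the `Cert` record, the `trust_decision` function and all sample names are hypothetical, and an issuer-name link stands in for real signature, validity and CRL checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # subject of the signing certificate (stand-in for a verified signature)

def trust_decision(name, items, trust):
    """Evaluate one certificate against a token (hypothetical model, not KeyMan's API).

    items: subject -> Cert for every certificate item stored in the token
    trust: subject -> "CA" or "Peer"; anything absent is stored but untrusted
    Returns (trusted, reason).
    """
    if name not in items:
        return False, "not in token"
    if name in trust:
        return True, f"marked {trust[name]}"
    seen = {name}
    current = items[name]
    # Walk towards the root; only a CA-level ancestor extends trust downwards.
    while current.issuer in items and current.issuer not in seen:
        issuer = current.issuer
        if trust.get(issuer) == "CA":
            return True, f"chains to CA {issuer}"
        seen.add(issuer)  # a Peer or untrusted issuer is skipped, not followed as trust
        current = items[issuer]
    return False, "no CA in chain"

# Constructed sample token: names are illustrative only.
ITEMS = {c.subject: c for c in [
    Cert("Example Root", "Example Root"),      # self-signed, kept only to complete chains
    Cert("Example Issuing CA", "Example Root"),
    Cert("alice", "Example Issuing CA"),
    Cert("bob", "Other Root"),                 # issuer not stored in the token
    Cert("carol", "bob"),
]}
TRUST = {"Example Issuing CA": "CA", "bob": "Peer"}

if __name__ == "__main__":
    for subject in ITEMS:
        print(subject, trust_decision(subject, ITEMS, TRUST))
```

Note that `carol` is rejected even though her issuer `bob` is trusted, and `Example Root` stays untrusted even though it sits above a trusted CA.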