...
HTML |
---|
<iframe width="560" height="315" src="https://www.youtube.com/embed/59csB3jiOeQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> |
PlayBook
Key data
Key type | Key Subject | Key Duration |
---|---|---|
RSA 4096bit | O=GEANT, CN=eduGAIN RSA Signer CA 2022 | 20 Years |
ECC 384bits | O=GEANT, CN=eduGAIN ECC Signer CA 2022 | 20 Years |
Key generation
- Prepare key storage computer for use.
- Connect and verify RNG.
- Use the RNG to create and set a static password in the two yubikeys.
- Generate RSA 4096 bits and ECC 384 bits keypairs , encrypt using yubikey in static mode.
- Decrypt RSA private key using yubikey in static mode, temporarily stored in /dev/shm.
- Issue self-signed certificate using keypair.
- Copy the keys to two USB sticks.
- Generate sha1 and sha256 fingerprint of certificate.
- Copy the RSA certificate to a USB stick and send it to the eduGAIN OT.
- Shutdown key storage computer.
...