Keypairs
A keypair is a public key and its associated private key. Data encrypted with the public key can only be decrypted with the associated private key, which is what allows an encrypted connection to be established.
Keypair generation
When you request a certificate in CertCentral, DigiCert® KeyLocker automatically generates a keypair with the following parameters on a FIPS 140-2 level 3 compliant hardware security module (HSM).
Field | Description
---|---
Keypair type | Static (the keypair remains the same).
Keypair alias | A unique name is generated to identify this keypair. You can change the keypair alias.
Algorithm | RSA
Key size | 3072
Keypair category | Production
Keypair storage | HSM
Keypair status | Online (can be used to sign at any time).
Access | Open (can be used by any account user).
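A practitioner who receives a certificate or exported public key for a KeyLocker keypair may want to confirm that it carries the parameters documented above (RSA, 3072-bit modulus) before wiring it into a signing pipeline. The following is an added example, not DigiCert's or KeyLocker's own code: it assumes you have the public key as a DER-encoded SubjectPublicKeyInfo (for instance extracted from the issued certificate) and parses it with only the Python standard library. The sample key it checks is a constructed 3072-bit modulus, not a real key.

```python
"""Check that a DER SubjectPublicKeyInfo matches the documented KeyLocker
keypair parameters (RSA, 3072-bit). Standard library only; sample keys
below are constructed, not real keys."""

# Documented defaults from the keypair generation table (assumed policy)
EXPECTED_ALGORITHM = "RSA"
EXPECTED_KEY_BITS = 3072

# rsaEncryption 1.2.840.113549.1.1.1 and id-ecPublicKey 1.2.840.10045.2.1
KNOWN_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",
    bytes.fromhex("2a8648ce3d0201"): "EC",
}
RSA_OID = bytes.fromhex("2a864886f70d010101")


def _der_length(n):
    """Encode a DER length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def _der_uint(value):
    """DER INTEGER for a non-negative integer (leading 0x00 if high bit set)."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _tlv(0x02, body)


def build_rsa_spki(modulus, exponent=65537):
    """Build a SubjectPublicKeyInfo for an RSA key (used to construct samples)."""
    rsa_key = _tlv(0x30, _der_uint(modulus) + _der_uint(exponent))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_key))


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def inspect_spki(der):
    """Return {'algorithm': ..., 'key_bits': ...} for a DER SubjectPublicKeyInfo."""
    tag, spki, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, pos = _read_tlv(spki, 0)
    oid_tag, oid, _ = _read_tlv(alg, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    tag, bitstr, _ = _read_tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    algorithm = KNOWN_OIDS.get(oid, "other")
    if algorithm != "RSA":
        return {"algorithm": algorithm, "key_bits": None}
    _, rsa_key, _ = _read_tlv(bitstr[1:], 0)   # skip the unused-bits byte
    _, n_bytes, _ = _read_tlv(rsa_key, 0)      # first INTEGER is the modulus n
    modulus = int.from_bytes(n_bytes, "big")
    return {"algorithm": "RSA", "key_bits": modulus.bit_length()}


def matches_keylocker_defaults(der):
    """True only if the key is RSA with exactly the documented modulus size."""
    info = inspect_spki(der)
    return info["algorithm"] == EXPECTED_ALGORITHM and info["key_bits"] == EXPECTED_KEY_BITS


# Constructed sample moduli: top bit set so the bit length is exact (not real keys)
SAMPLE_MODULUS_3072 = (1 << 3071) | (0xC0FFEE << 1024) | 1
SAMPLE_MODULUS_2048 = (1 << 2047) | 1

if __name__ == "__main__":
    for name, n in (("3072", SAMPLE_MODULUS_3072), ("2048", SAMPLE_MODULUS_2048)):
        der = build_rsa_spki(n)
        print(name, inspect_spki(der), "ok" if matches_keylocker_defaults(der) else "MISMATCH")
```

In a real check you would pass the DER bytes of the certificate's public key instead of the constructed sample; a key that is RSA but 2048-bit, or that is not RSA at all, is reported as a mismatch so that it can be caught before signing starts.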
View keypair
You can view keypairs from Software Trust Manager or SMCTL.
Identify keypair alias
Retrieve the keypair alias via DigiCert® KeyLocker or Signing Manager Controller (SMCTL).
Keypair validity
By default, your keypair has no expiry date. We introduced the keypair expiry feature to enable you to re-key, that is, to replace your keypair with one generated using a stronger algorithm when your keypair expires. The main purpose of this feature is to get you post-quantum cryptography (PQC) ready by replacing keypairs that use quantum-vulnerable algorithms with PQC compliant ones.
Keypair validity is associated with our certificate auto-renewal feature. You can set your keypair expiry date to match your certificate expiry date. This ensures that your keypair is replaced when your certificate expires and is replaced with a new certificate. The added benefit of matching these dates is that it prevents a disruption in your signing workflows.
To set an expiry date for a keypair with no certificate associated:
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > KeyLocker.
Select Keypairs.
Click the keypair alias you want to update.
Select the edit icon next to Keypair validity.
Complete the following fields:
Field | Description
---|---
Expires on | Select the date that you want the keypair to expire.
Note: The keypair expires at midnight on the day you selected.
Click Update.
To set an expiry date for a keypair with a certificate associated:
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > KeyLocker.
Select Keypairs.
Click the keypair alias you want to update.
Select the edit icon next to Keypair validity.
Complete the following fields:
Field | Description
---|---
Expires on | Select the date that you want the keypair to expire.
Note: The keypair expires at midnight on the day you selected.
Click Update.