User Guide: PTP 600 Series
Security planning
phn-0896_012v000
Jul 2010
Planning for HTTPS/TLS operation
Before starting to configure HTTPS/TLS operation, ensure that the cryptographic material listed in Table 2-3 is available.
Table 2-3 HTTPS/TLS security material
| Item | Description | Quantity required |
|---|---|---|
| Key of Keys | An encryption key generated using a cryptographic key generator. The key length is dictated by the installed license key. License keys with AES-128 will require a key of keys of 128 bits. License keys with AES-256 will require a key of keys of 256 bits. The key output should be in ASCII hexadecimal characters. | Two per link. For greater security, each link end should be allocated a unique Key of Keys. |
| TLS Private Key and Public Certificates | An RSA private key of size 1024, generated in either PKCS#1 or PKCS#5 format, unencrypted, and encoded in the ASN.1 DER format. An X.509 certificate containing an RSA public key, generated in either PKCS#1 or PKCS#5 format, unencrypted, and encoded in the ASN.1 DER format. The public key certificate must form a valid pair with the private key. | Two pairs per link. These items are unique to IP address. |
| User Defined Security Banner | The purpose of this banner is to tell users that the system is secure. Use text that is appropriate to the network security policy. | Normally one per link. This depends upon network policy. |
| Entropy Input | This must be of size 512 bits (128 hexadecimal characters), output from a random number generator. | Two per link. For greater security, each link end should be allocated a unique Entropy Input. |
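The following Python example is added here and is not part of the original guide. It generates the Key of Keys and Entropy Input for both ends of a link from the operating system's CSPRNG and checks them against the lengths and uniqueness recommendation in Table 2-3; the link-end names end_a and end_b and all function names are assumptions.

```python
import secrets
import string

# Key of Keys length in bits for each license type named in Table 2-3.
KEY_OF_KEYS_BITS = {"AES-128": 128, "AES-256": 256}
ENTROPY_INPUT_BITS = 512  # 128 hexadecimal characters


def generate_link_end(license_type):
    """Generate Key of Keys and Entropy Input for one link end (OS CSPRNG)."""
    key_bits = KEY_OF_KEYS_BITS[license_type]
    return {
        "key_of_keys": secrets.token_hex(key_bits // 8),
        "entropy_input": secrets.token_hex(ENTROPY_INPUT_BITS // 8),
    }


def check_hex(value, bits):
    """Return an error string, or None if value is exactly bits/4 hex chars."""
    if len(value) != bits // 4:
        return f"expected {bits // 4} hex characters, got {len(value)}"
    if any(c not in string.hexdigits for c in value):
        return "contains non-hexadecimal characters"
    return None


def validate_link(license_type, ends):
    """Check every link end's material against Table 2-3; return problems."""
    problems = []
    for name, material in ends.items():
        for field, bits in (("key_of_keys", KEY_OF_KEYS_BITS[license_type]),
                            ("entropy_input", ENTROPY_INPUT_BITS)):
            error = check_hex(material[field], bits)
            if error:
                problems.append(f"{name} {field}: {error}")
    # The table recommends a unique value per link end, so flag any reuse.
    for field in ("key_of_keys", "entropy_input"):
        values = [m[field].lower() for m in ends.values()]
        if len(set(values)) != len(values):
            problems.append(f"{field}: same value used at more than one link end")
    return problems


if __name__ == "__main__":
    # end_a / end_b are hypothetical labels for the two ends of one link.
    link = {"end_a": generate_link_end("AES-256"),
            "end_b": generate_link_end("AES-256")}
    print(validate_link("AES-256", link) or "material meets Table 2-3")
```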