Keys Subtab

The Keys subtab displays the keys that are paired with certificates and the keys that are no longer paired with a certificate.

Keys cannot be downloaded, but the information for a key can be viewed or a key can be deleted.

A certificate and key that are paired display an icon indicating that the certificate is ready to use. A certificate or key without any pairing is indicated with an icon. If a certificate or key has expired, it is indicated with an icon. Files available in the Other Files subtab are always marked with an icon.

The supported key formats that can be uploaded are .crt, .csr, .key, .gpg, .pub, and .pem. For any private key without an extension, clicking Deploy to All Nodes changes the permissions for the key to 755, making it world readable. To restrict the permissions, ensure that you generate the key with the .key extension.

The keys uploaded to the DSG can be either non-encrypted private keys or encrypted private keys. For either key type, the DSG ensures that the keys in the DSG ecosystem are always present in an encrypted format. When a non-encrypted private key is uploaded to the DSG, you are presented with an option to encrypt the key. If you choose to encrypt the key, the DSG requests a password for encrypting the key before it is stored on the DSG.

It is recommended that any non-encrypted private key is encrypted before it is uploaded to the DSG. Also,

It is recommended that any key uploaded to the DSG is of RSA type and a minimum of 3072 bits for optimum security.
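The extension rule and the two recommendations above can be checked before a file is uploaded. The following is an added example, not part of the DSG product or its documentation: `preflight` and its finding names are hypothetical, it never contacts the DSG, and the size check assumes an unencrypted traditional PKCS#1 "RSA PRIVATE KEY" PEM, because the modulus of an encrypted key cannot be read without its password.

```python
import base64, os, re

SUPPORTED = {".crt", ".csr", ".key", ".gpg", ".pub", ".pem"}  # upload formats listed above
MIN_RSA_BITS = 3072                                            # minimum recommended above
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits_pkcs1(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    seq_start, _ = _tlv(der, 0)            # outer SEQUENCE
    _, ver_end = _tlv(der, seq_start)      # INTEGER version
    n_start, n_end = _tlv(der, ver_end)    # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def preflight(filename, pem_text):
    """Return findings for a file about to be uploaded (hypothetical helper)."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    m = PEM_RE.search(pem_text)
    label, body = (m.group(1), m.group(2)) if m else ("", "")
    private = label.endswith("PRIVATE KEY")
    encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
    if ext and ext not in SUPPORTED:
        findings.append("unsupported-extension")
    if private and not ext:                # 755 after Deploy to All Nodes, per the text above
        findings.append("no-extension-world-readable-after-deploy")
    if private and not encrypted:
        findings.append("unencrypted-private-key")
        if label == "RSA PRIVATE KEY":     # size is only readable while unencrypted
            try:
                bits = rsa_bits_pkcs1(base64.b64decode(body))
                if bits < MIN_RSA_BITS:
                    findings.append(f"rsa-{bits}-bits-below-{MIN_RSA_BITS}")
            except (IndexError, ValueError):
                findings.append("rsa-key-unparseable")
    return findings

if __name__ == "__main__":
    # Constructed sample: PEM framing only, not a real key.
    sample = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----"
    print(preflight("gateway_key", sample))
```

An empty list means none of the conditions described above was detected; it does not prove the key type or size when the key is already encrypted or is in PKCS#8 form.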