Generating Private/Public Encryption Keys

Generate a Master Key Pair (once) with:

openssl genrsa -out master.key 2048
openssl req -new -key master.key -x509 -out master.cert

Save these files (master.key and master.cert) as you will need them to create File Daemon keys or in case you loose the File Daemon keys.

Generate a File Daemon Key Pair for each FD:

openssl genrsa -out fd-example.key 2048
openssl req -new -key fd-example.key -x509 -out fd-example.cert
cat fd-example.key fd-example.cert >fd-example.pem

When configuring the File Daemon (see this section), you will need the keys you just generated here, so you will need to transmit them to the machine where the FD is installed.

Note, there seems to be a lot of confusion around the file extensions given to these keys. For example, a .pem file can contain all the following: private keys (RSA and DSA), public keys (RSA and DSA) and (X.509) certificates. It is the default format for OpenSSL. It stores data Base64 encoded DER format, surrounded by ASCII headers, so is suitable for text mode transfers between systems. A .pem file may contain any number of keys either public or private. We use it in cases where there is both a public and a private key.

Typically, above we have used the .cert extension to refer to X.509 certificate encoding that contains only a single public key.

See also

Go back to:

• Encryption Technical Details

Go to:

• Data Encryption Configuration

• Example Data Encryption Configuration

• Decrypting with Master Key

Go back to the File Daemon Data Encryption chapter.

Go back to the main Data Encryption chapter.

Go back to the main Advanced Features Usage page.