Registration for high security credentials and identity federation

The DigitalKey contains the openOSI high security set of credentials

What is it?

The DigitalKey is what you get when the PreRegistration process is completed. It is your set of high security credentials, stored in a file, in your browser or in a device. It is a set of data in an appropriate format (see below). A DigitalKey contains a private key and a public key. See an example of a public key below. A signed public key is called a certificate.

To authenticate, you may automatically present your DigitalKey when requested by an enabled web service. No password is necessary, unless you have protected access to your DigitalKey with a password. Note that the protection of your DigitalKey varies depending on the software used to store it (typically a web browser). Internet Explorer uses a password for each DigitalKey, whereas Firefox uses unique security devices (password protected).

To sign a file or a message, or to log in, you use your private key, but in any case the private key itself IS NOT exchanged over the Internet.

To encrypt a file, your software uses the public key of the person allowed to decrypt it (who may be yourself). To decrypt the encrypted file, your software uses your private key. Public keys may be safely published over the Internet without risk to the related encrypted data (it is not possible to decrypt with the public key).

Your DigitalKey is a digital "key ring" whose private key MUST be kept private and whose public key MAY be distributed to anyone. Software, including Internet browsers, manages this "key ring" for you. It is generally necessary to have separate software for encryption and decryption. Your favorite mail application is generally able to handle your "key ring" for message signing purposes. This is also the case for publishing software such as Adobe Acrobat, which can sign documents. It may be necessary to load your DigitalKey into several of these applications.

How to get it?

Go to the Registration Server and use your ConfirmedIdentity (temporary credentials: UserName + UserPassword) to retrieve your DigitalKey. It comes embedded in a file to download. Most browsers recognize the specific extension / format (p12, pem, jks) and will display the appropriate import wizard.

How to keep it in a safe store?

Most modern browsers offer a safe way to store and manage certificates (technical name for DigitalKey). For example, check the following tabs:

  • Microsoft Internet Explorer: Check Tools > Internet options > Content > Certificates
  • Mozilla / Firefox: Check Tools > Options > Advanced > Security
  • Apple Mac OS X and Safari: Check Applications > Utilities > Keychains

What about the different file formats for DigitalKeys?

A DigitalKey (certificate) has a standard content and meaning across the Internet. But depending on your preferred environment, this data is stored in specific formats as follows:

  • For Microsoft Windows: P12 extension - PKCS#12 format, DER encoded; also known as PFX (Personal Information Exchange).
  • For Linux and Apple Mac OS X: PEM format, base64 encoded
  • For Java in all environments: JKS (Java Key Store); p12 may also be accepted
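The sign/verify split and the P12-to-PEM relationship described above can be checked with the OpenSSL command line. This is an added example, not part of the original page or of openOSI's tooling; it assumes `openssl` is installed, and the self-signed certificate, subject name, password and file names are all constructed stand-ins for a real DigitalKey.

```shell
#!/bin/sh
# Added example. Subject name, password and file names are constructed.
WORK=$(mktemp -d)
P12_PASS='constructed-demo-pass'

# Self-signed stand-in for a CA-issued DigitalKey, packaged as PKCS#12.
make_digitalkey() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Demo User (constructed)' \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -name demo -passout "pass:$P12_PASS" \
        -inkey "$WORK/key.pem" -in "$WORK/cert.pem" -out "$WORK/digitalkey.p12"
}

# Split the .p12 into its two halves in PEM (base64) form.
p12_to_pem() {
    openssl pkcs12 -in "$WORK/digitalkey.p12" -passin "pass:$P12_PASS" \
        -nokeys -out "$WORK/out_cert.pem" 2>/dev/null &&
    ( umask 077   # the private key file must not be readable by others
      openssl pkcs12 -in "$WORK/digitalkey.p12" -passin "pass:$P12_PASS" \
          -nocerts -nodes -out "$WORK/out_key.pem" 2>/dev/null )
}

# SHA-256 of the public key, taken from a certificate or from a private key.
cert_pub_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pub_fp() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Sign with the private key; only the signature file leaves the machine.
sign_file() { openssl dgst -sha256 -sign "$WORK/out_key.pem" -out "$1.sig" "$1"; }

# Verify using nothing but the public key carried in the certificate.
verify_file() {
    openssl x509 -in "$WORK/out_cert.pem" -noout -pubkey > "$WORK/pub.pem" &&
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$1.sig" "$1" >/dev/null
}

make_digitalkey && p12_to_pem &&
printf 'constructed message\n' > "$WORK/msg.txt" &&
sign_file "$WORK/msg.txt" && verify_file "$WORK/msg.txt" &&
echo "signature verified with the public key only"
```

Matching fingerprints from `cert_pub_fp` and `key_pub_fp` confirm that an extracted certificate and private key belong to the same DigitalKey, which is a useful check after importing a key into several applications.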

More about Digital keys

A DigitalKey is a digital certificate, compliant with the ISO X509 standard.

An example: the public key part (certificate) of openOSI class 1 certification authority and a virtual user Digital Key (Burning.Man)

See attached files:

r1 - 22 Jan 2008 - 18:14:01 - JoseRemy