Canon imageCLASS D1620 User Manual

● IPSec supports communication to a unicast address (or a single device).● The machine cannot use both IPSec and DHCPv6 at the same time.◼ Registration of Keys and Certificates● If you install a key or CA certificate from a computer, make sure that they meet the following requirements:Format ● Key: PKCS#12*1● CA certificate: X.509 DER/PEMFile extension ● Key: ".p12" or ".pfx"● CA certificate: ".cer" or ".pem"Public key algorithm(and key length)● RSA (512 bits, 1024 bits, 2048 bits, 4096 bits)● DSA (1024 bits, 2048 bits, 3072 bits)● ECDSA (P256, P384, P521)Certificate signature algorithm● RSA: SHA-1, SHA-256, SHA-384*2, SHA-512*2, MD2, MD5● DSA: SHA-1● ECDSA: SHA-1, SHA-256, SHA-384, SHA-512Certificate thumbprint algorithm SHA1*1Requirements for the certificate contained in a key are pursuant to CA certificates.*2SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.● The machine does not support use of a certificate revocation list (CRL).◼ Definition of "Weak Encryption"When is set to , the use of the following algorithms is prohibited.Hash: MD4, MD5, SHA-1HMAC: HMAC-MD5Common key cryptosystem: RC2, RC4, DESPublic key cryptosystem: RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024bits), DH (512 bits/1024 bits)● Even when is set to , the hash algorithm SHA-1, which is used forsigning a root certificate, can be used.Appendix681