Installing a Registration ManagerChapter 4 Registration Manager 137If you decide to generate a new signing key, one of the first decisions you need tomake is whether to use the RSA or DSA algorithm. If you use DSA, the softwarecan generate and verify the PQG value. PQG values are used to create the DSAsigning key pair. For more information about the way they are used, check thisdocument: http://www.itl.nist.gov/div897/pubs/fip186.htm.In general, longer keys are considered to be cryptographically stronger thanshorter keys. However, longer keys also require more time for signing operations.(Certificate Manager CA signing keys up to 2048 bits in length are not subject toexport restrictions.)Many people no longer consider an RSA key of length less than 1024 bits to becryptographically strong. Export and other regulations permitting, it may be agood rule of thumb to start with 1024 bits and consider increasing the length to4096 bits for certificates that provide access to highly sensitive data or services.However, the question of key length has no simple answers. Every organizationmust make its own decision based on its own security requirements. For moreinformation on key length and encryption strength, see Appendix D of ManagingServers with Netscape Console.TokensYou choose either the internal token (if you plan to use the internal/softwaretoken) or an external token to store the signing certificate and key pair and the SSLsigning certificate and key pair.If you are using an external token, you will need to install it before you run theInstallation Wizard. In the wizard, you can select from a list of already installedand available tokens. For example, SmartCard. For installation instructions, see“External Token” on page 314.Installing a Registration ManagerTo install a standalone Registration Manager:1. Log into Netscape Console as the administrator.2. Select the CMS instance and then either click Open, or double click thisinstance.The Installation Wizard launches.3. Installation Wizard Introduction. Click Next to continue.