Managing Symmetric Keys

Symmetric keys are used in the configuration of the Symmetric Cryptography and Encrypting/Decrypting XML filters. A symmetric key is a random string that is combined with a message according to the algorithm specified when it was first created. Keys can be imported, exported or created on the spot. If you want to create them on the spot, a name for the key, its associated algorithm and the key size must be provided.

Refer to Understanding Cryptography for details on cryptography, keys, and algorithms.

Viewing Symmetric Keys

To view the symmetric keys registered on the Rhapsody server, navigate to View>Certificate and Key Manager to display the Certificate and Key Manager and select the Symmetric Keys tab:

The tab provides the following information:

Field	Description
Alias	The unique user-defined name for the key.
Symmetric Algorithm	Identifies the symmetric algorithm used.
Key Size	The bit size of the key.

You can perform the following actions from the tab via buttons or the right-click menu:

Action	Description
Import...	Add a symmetric key.
Export...	Save a symmetric key by exporting it.
Generate New...	Generate a new symmetric key.
Remove	Delete a symmetric key.
Show Uses	Open the Security Object Uses dialog to display the components a symmetric key is being used in. Double-click a component to view or edit its configuration properties.
Filter	Perform text-based filtering to filter the list of displayed symmetric keys.

Importing a Symmetric Key

To import a symmetric key onto the Rhapsody server:

Navigate to View> Certificate and Key Manager to display the Certificate and Key Manager.
On the Symmetric Keys tab, select the Import... button. The Import Symmetric Key dialog is displayed:
Enter:
- A name in the Key Alias field to identify the key, if required.
- The path of the key you want to import in the Filename field or click the Browse link to locate it.
Select the encryption algorithm which the key is to be used for from the drop-down list.
Select the OK button to import the key.

Exporting a Symmetric Key

The 'Export symmetric keys' access right is required to export symmetric keys. By default, this privilege is only given to the root Administrator user.

To export a symmetric key from the Rhapsody server:

Navigate to View> Certificate and Key Manager to display the Certificate and Keys Manager.
On the Symmetric Keys tab, select a key and then select the Export... button. The Export Symmetric Key dialog is displayed:
Decide where you want to store the exported key, then select the Save button.

Generating a Symmetric Key

To generate a new symmetric key:

Navigate to View>Certificate and Key Manager to display the Certificate and Keys Manager.
On the Symmetric Keys tab, select the Generate New... button. The Generate Symmetric Key dialog is displayed:
Select the algorithm which the key is to be used for from the drop-down list.

Under Key Size:

If you want to...

Then...

Retain the default key size

Select the Use the default key size for the algorithm radio button.

Specify the key size

1. Select the Specify a key size (bits) radio button.
2. In the field, enter the size. The following table lists the acceptable range and default values for each algorithm:

Algorithm	Acceptable Range (bits)	Default Key Size (bits)
AES	0 .. 256	192
Blowfish	0 .. 448	448
CAST5	0 .. 128	64
CAST6	0 .. 256	256
DES	56	56
DESede	128, 192	128
IDEA	128	128
RC2	0 .. 1024	128
RC4	40 .. 2048	128
RC5	0 .. 128	128
RC6	0 .. 256	128
Rijndael	0 .. 256	192
Skipjack	0 .. 128	128
Twofish	128, 192, 256	256
Serpent	128, 192, 256	256

In the Filename field, enter a name for the symmetric key.
Select the Generate button to generate the symmetric key.

Removing a Symmetric Key

To remove a symmetric key:

Navigate to View>Certificate and Key Manager.
On the Symmetric Key tab, select the key you want to remove.
Select the Remove button. A confirmation dialog is displayed.
Select the Yes button on the confirmation dialog to remove the key (you can undo the deletion by selecting the Undo Remove button).