Overview

All RSA and ECDSA certificates that your Xerox device uses for encryption need to meet the minimum key-length requirements for the device. Note: The Elliptic Curve Data Signature Algorithm (ECDSA) and RSA are independent algorithms used in encryption If you install a certificate that uses ECDSA, it is validated against the ECDSA key-length requirements If you install a certificate that uses RSA, it is validated against the RSA key-length requirements. The minimum key lengths apply to the following certificates: To set certificate key lengths: Existing security certificates installed on your device.  Security certificates imported to your device at a future time. Security certificates that originate from other sources For example, certificates used by smart card and email encryption. Notes : When you import new certificates to your device, the certificate key lengths are validated against the minimum requirements Certificates with key lengths that are less than the minimum key-length requirements are not installed. If you attempt to change a minimum key-length setting to a value that invalidates an installed certificate, the change is rejected. Before you change the key-length setting, remove any noncompliant certificates. When you import new certificates to your device, the certificate key lengths are validated against the minimum requirements Certificates with key lengths that are less than the minimum key-length requirements are not installed. If you attempt to change a minimum key-length setting to a value that invalidates an installed certificate, the change is rejected. Before you change the key-length setting, remove any noncompliant certificates. In the Embedded Web Server, click Properties > Security . Click Certificates > Certificate Key Length . For Minimum RSA Encryption Key Length, select an option: No Minimum 1024-bit 2048-bit* : This option is the default setting This setting is FIPS 140 with Common Criteria compliant. 4096-bit  Note : If FIPS 140 with Common Criteria compliance is enabled completely, options less than 2048 bits are not available. No Minimum 1024-bit 2048-bit* : This option is the default setting This setting is FIPS 140 with Common Criteria compliant. 4096-bit  Note : If FIPS 140 with Common Criteria compliance is enabled completely, options less than 2048 bits are not available. For Minimum ECDSA Encryption Key Length, select 256-bit* or 384-bit* The default setting is 256-bit* Both settings are FIPS 140 with Common Criteria compliant. Click Apply .