

CA Auth ID File Structure

The CA Auth ID contains the following main components:

  1. The standard X.509v3 digital certificate with a CA-specific extension.
  2. A second pair of public and private keys that is generated for authenticating to CA Strong Authentication Server. This key pair is not used for general signing or encryption.

    The public key is stored in encrypted form. It is encrypted using the Domain Key, which is used to create and authenticate CA Auth IDs. You can configure a domain key at the global level or at the organization level. A CA Auth ID issued with an organization-specific domain key cannot be used across organizations.

    The private key is cryptographically camouflaged by using the CA Auth ID password.

  3. A section to store the user’s Open PKI keys and certificates, which they can use for signing, encrypting, and decrypting. See "CA Auth ID as a Secure Container (Key Authority)" for more information.