A pair of asymmetric keys (one public, the other private) makes SSL authenticity verification and encryption possible. The term “asymmetric” means that the two keys are different from each other but form a matching pair. Verifying authenticity requires that certificates be signed with the private key. Both keys are required to encrypt information. Key generation software running on a JACE generates this pair of asymmetric keys in advance.
A public key is a string of bytes wrapped by a certificate. This key resides in the server’s Trust Store and is used to verify the authenticity of the connecting client’s certificate.
A private key is also a string of bytes; it resides on the authentic server. The root certificate’s private key must be physically protected for the chain of trust to remain secure. A private key must not be sent via email; if it has to be moved, it should be physically transported (on a thumb drive or other medium that is not connected to the internet).
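The following added example (not part of the original documentation or of any Tridium tooling) shows the matching relationship described above: a private key pairs with exactly one certificate's public key, and a signature made with the private key verifies only against that certificate. It assumes the OpenSSL command-line tool and PEM files, which the page does not mention; the file names, CN values and helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names and CN values are constructed; the OpenSSL CLI is assumed.

# Public key derived from a private key file (PEM).
pubkey_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key wrapped by a certificate (PEM).
pubkey_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# key_matches_cert KEY CERT: succeeds only when both belong to the same pair.
key_matches_cert() {
    k=$(pubkey_from_key "$1") || return 2
    c=$(pubkey_from_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# sign_file KEY DATA SIGFILE: sign DATA with the private key.
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# verify_with_cert CERT DATA SIGFILE: check the signature with the cert's public key.
verify_with_cert() {
    pub=$(mktemp) || return 2
    pubkey_from_cert "$1" > "$pub" || { rm -f "$pub"; return 2; }
    rc=0
    openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1 || rc=$?
    rm -f "$pub"
    return "$rc"
}

# make_pair DIR NAME: constructed throwaway RSA key and self-signed certificate.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_pair "$d" a && make_pair "$d" b || return 1
    printf 'constructed sample data\n' > "$d/msg"
    sign_file "$d/a.key" "$d/msg" "$d/msg.sig" || return 1
    key_matches_cert "$d/a.key" "$d/a.crt" && echo "a.key matches a.crt"
    key_matches_cert "$d/a.key" "$d/b.crt" || echo "a.key does not match b.crt"
    verify_with_cert "$d/a.crt" "$d/msg" "$d/msg.sig" && echo "signature verifies with a.crt"
    verify_with_cert "$d/b.crt" "$d/msg" "$d/msg.sig" || echo "signature rejected with b.crt"
    rm -rf "$d"
}
demo
```
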
Copyright © 2000-2014 Tridium Inc. All rights reserved.