Key management on the UTM
Last adaptation to the version: 12.6.1
New:
  • New key type: OVPN_STATIC_KEY
This article refers to a Resellerpreview

12.5.1 12.6.0 12.2.4 11.7

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Authentication Keys

Preliminary note

  • The keys on the UTM are used both for encryption (e.g. of VPN connections) and for signing (e.g. DKIM)
  • Locally generated keys always consist of a public and a private part
  • Only the public part should end up in someone else's hands

  • Key overview

    Figure: Key management
    Caption Description
    Name Name of the key
    Type Key type
    • RSA
    • x25519
    • ed25519
    • OVPN_STATIC_KEY (new as of v12.6.1)
    Hash Hash value of the key
    Length Key bit length

    Export key

    Public part (Format) Key part is saved as a file in the set format (see below)
    The suggested file name consists of the name of the key and - depending on the key part - the extension priv or pub.
    Public part (Format) Key part is copied to the clipboard in the set format (see below)
    Delete Deletes the key
    Opens the key export settings
    Dropdown menu with settings for key export
    Export destination: File / Clipboard Exports the respective key part either to a file or to the clipboard
    RSA export format: Pem / HEX / B64 Exports the RSA key part in Pem, Hex or Base64 format
    ED25519/X25519 export format: Pem / RAW Exports ED25519/X25519 keys in Pem or RAW format

    Add key

    Create a new key with the Add key button.
    Figure: Add key dialog
    Name: RSA-Demo Enter the desired name of the key
    Type: RSA Select cryptographic method
    RSA Used for: IPSec, Mailrelay
    ED25519 Used for: Mailrelay (signing)
    X25519 Used for: WireGuard
    OVPN_STATIC_KEY (new as of v12.6.1) Used for static SSL-VPN keys (openvpn tls-auth)
    Key length (only for RSA): 512, 1024, 2048, 3072 (Default), 4096 Select bit-length of the key
    Creates the key and closes the dialog
    Closes the dialog without creating a key

    Import key

    Import a key by clicking the Import key button.
    Import from file
    Figure: Import key from file dialog
    Import option: File / Clipboard The import is done from a file.
    The key name corresponds to the file name followed by the format
    File: Browse... Select the file that contains the key to be imported
    File type: determine automatically The key type can be determined automatically.
    Alternatively, type can be specified manually.
    Format PEM RAW HEX B64 Select the format in which the key is provided
    Type
    Only for RAW, HEX & B64
    private The key is to be imported as a private key part
    public The key is to be imported as a public key part
    Import from clipboard
    Figure: Import key from clipboard dialog
    Import option: File / Clipboard The import is done by entering a value
    Name ed25519-mx.ttt-point.de Enter the desired name of the key
    Key value MCowBQYDK2VwAyEA… Key from the clipboard
    File type: determine automatically The key type can be determined automatically.
    Alternatively, type can be specified manually.
    Format PEM RAW HEX B64 Select the format in which the key is provided
    Type
    Only for RAW, HEX & B64
    private The key is to be imported as a private key part
    public The key is to be imported as a public key part
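
An added example (not code from the UTM or from Securepoint) of how key type and key part can be read from the key material itself before a key is imported or passed on. It assumes standard SPKI (public) and PKCS#8 (private) DER encoding, as in the `MCowBQYDK2VwAyEA…` value shown above, which is the start of an ed25519 public key; a bare 32-byte value carries no such label. The function name `classify`, the OID table and the sample values are constructed for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs for the key types in the Type column.
OIDS = {
    bytes.fromhex("2b6570"): "ed25519",              # 1.3.101.112
    bytes.fromhex("2b656e"): "x25519",               # 1.3.101.110
    bytes.fromhex("2a864886f70d010101"): "RSA",      # 1.2.840.113549.1.1.1
}
DECODE = {"B64": base64.b64decode, "HEX": bytes.fromhex}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify(text, fmt):
    """Return (key_type, part) for key material given as PEM, B64 or HEX text."""
    if fmt == "PEM":                                 # drop armor lines, keep base64 body
        text, fmt = re.sub(r"-----[A-Z ]+-----", "", text), "B64"
    data = DECODE[fmt]("".join(text.split()))
    if len(data) == 32:                              # bare 32-byte value: no label inside
        return ("ed25519 or x25519", "unknown")
    tag, body, _ = _tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, elem, nxt = _tlv(body, 0)
    part = "public"                                  # SPKI starts with AlgorithmIdentifier
    if tag == 0x02:                                  # version INTEGER first: PKCS#8 private
        part = "private"
        tag, elem, nxt = _tlv(body, nxt)
    if tag != 0x30:
        raise ValueError("not SPKI or PKCS#8")
    tag, oid, _ = _tlv(elem, 0)
    return (OIDS.get(oid, "unknown") if tag == 0x06 else "unknown", part)

# Constructed samples (dummy key bytes, not real keys).
SAMPLE_PUB = base64.b64encode(bytes.fromhex("302a300506032b6570032100") + bytes(range(32))).decode()
SAMPLE_PRIV = base64.b64encode(bytes.fromhex("302e020100300506032b657004220420") + bytes(32)).decode()
SAMPLE_RAW = bytes(range(32)).hex()
```

A result of `private` for a file that is about to be handed to someone else means the wrong key part was exported.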