Specifications
Miscellaneous
Encryption Key
The Encryption Key is an asymmetric key pair (RSA) used to encrypt and decrypt the AES key. Typically this key pair is generated by the manufacturer of the D-Cinema player and handed to the purchaser of the player.
– The public key of the Encryption Key is used to encrypt the AES key when it is written to the KDM. Usually it is embedded in a certificate file.
– The private key of the Encryption Key is stored on the D-Cinema server at the recipient’s site. It is used to decrypt the AES key provided via the KDM.
The private key is stored at the recipient’s site and will not be distributed. Thus it can be disregarded because it will not be available to you. The public key should have been sent to you in a signed certificate to enable you to create a DCP for this player. It has to be set on CLIPSTER.
Signing Key
The Signing Key is an asymmetric key pair (RSA) used to sign and validate the files of a DCP (e.g. KDM or CPL). With it the creator of the DCP digitally signs the extra files, while the recipient will be able to verify that the DCP was distributed by the creator/distributor and not altered in the meantime.
Because DVS will not be the creator of a DCP (just the manufacturer of the DCI Mastering system), the user of CLIPSTER has to provide this key. For a DCI Mastering, DVS suggests that you use either your own Signing Key or one provided by your client.
– The private key of the Signing Key is used to create a signature for the files of a DCP, i.e. it is used to encrypt hash values of the files.
– The public key of the Signing Key will be part of a certificate that will be attached to the extra files (if required, the certificate chain will be attached).
The most appropriate way to receive a Signing Key is to order it from a certificate authority (CA). However, the delivery of the CLIPSTER DCI Mastering feature includes a tool that can be used to create a Signing Key (i.e. a self-signed certificate).
Do not take the step of creating your own Signing Key lightly. With it you should define and install a certificate hierarchy to enable others to validate your identity. You are the one responsible for the certificates issued within your certificate chain.
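The two key pairs described above, walked through with OpenSSL as an added example (not part of this manual and not the tool delivered with CLIPSTER): the AES key is wrapped to the player's certificate and recovered with the player's private key, and a stand-in file is signed with the creator's private key and verified from the creator's certificate. File names, CNs, OAEP padding and SHA-256 are assumptions made for the demo, and the certificates are self-signed only so that it runs offline.

```shell
#!/bin/sh
# Added example with constructed keys; file names and CNs are assumptions.
set -eu

# RSA key pair plus a self-signed certificate carrying the public half.
make_keypair() {  # $1 = path prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Creator side: encrypt the AES key to the public key in the player's certificate.
wrap_aes_key() {  # $1 = player cert, $2 = AES key file, $3 = output
    openssl pkeyutl -encrypt -certin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# Recipient side: only the player's private key recovers the AES key.
unwrap_aes_key() {  # $1 = private key, $2 = wrapped key, $3 = output
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3" 2>/dev/null
}

# Recipient side: check a signature against the public key in the signer's cert.
verify_file() {  # $1 = signer cert, $2 = signature, $3 = file
    openssl x509 -in "$1" -pubkey -noout > "$1.pub"
    openssl dgst -sha256 -verify "$1.pub" -signature "$2" "$3" >/dev/null 2>&1
}

demo() {  # prints one result word per check
    d=$(mktemp -d)
    make_keypair "$d/player" "constructed-player"    # Encryption Key
    make_keypair "$d/creator" "constructed-creator"  # Signing Key
    openssl rand -out "$d/aes.key" 16
    wrap_aes_key "$d/player.crt" "$d/aes.key" "$d/aes.enc"
    unwrap_aes_key "$d/player.key" "$d/aes.enc" "$d/aes.out"
    cmp -s "$d/aes.key" "$d/aes.out" && echo "unwrap:match"
    # The creator's private key must not open a key wrapped for the player.
    unwrap_aes_key "$d/creator.key" "$d/aes.enc" "$d/bad.out" || echo "wrongkey:rejected"
    # Sign a stand-in for a KDM with the creator's private key, then verify.
    printf 'constructed KDM stand-in\n' > "$d/kdm.txt"
    openssl dgst -sha256 -sign "$d/creator.key" -out "$d/kdm.sig" "$d/kdm.txt"
    verify_file "$d/creator.crt" "$d/kdm.sig" "$d/kdm.txt" && echo "signature:valid"
    printf 'altered\n' >> "$d/kdm.txt"
    verify_file "$d/creator.crt" "$d/kdm.sig" "$d/kdm.txt" || echo "tampered:rejected"
    rm -rf "$d"
}

demo
```

The creator never touches `player.key` and the recipient never touches `creator.key`; each side works only from the other's certificate.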