Post-implementation of the new Interoperability Guidelines, following vital points should be considered :
DSCs issued wef 04.04.2011 shall have increased key length of 2048 bits against current 1024 bits for better security.
As per CCA guidelines, every CA including (n)Code will only issue 1 year DSC wef 04.04.2011 to 31st Dec 2011.
There would be two different certificates – ONLY Signing & ONLY Encryption.
Now most of the 32k tokens may not be compatible with the newly issued DSC’s as the token’s Operating System was not designed for storing certificates of 2048 bit key length.
Please note :
All the DSCs issued before 4th April 2011 are valid certificates and will continue to work till its expiry.
The customers whose old 1024Bits DSC has not expired may continue to use the 32k tokens till their DSC expires. On renewal, they may need to replace the tokens. Also be informed that a single token can store both the pfx, ONLY ENCRYPTION as well as ONLY SIGNING.