[BlueOnyx:21510] Re: Certificate 4096 bit keys
Michael Stauber
mstauber at blueonyx.it
Sun Nov 5 20:55:17 -05 2017
Hi Ernie,
> Are the keys generated by BlueOnyx compatible with this 4096-bit RSA key
> format?
Not yet. Like everyone else we're still doing the "genrsa" stage of the
CSR generation with 2048 bit:

sub _gen_private_key {
    my $cert_dir = shift;
    Sauce::Util::modifyfile("$cert_dir/key");
    system($OPENSSL, 'genrsa', '-out', "$cert_dir/key", '2048', '-sha256');
    Sauce::Util::chmodfile(0640, "$cert_dir/key");
    return ($? ? 0 : 1);
}

But that is trivial to fix. We just need a pulldown in the GUI to let
you choose if you want 2048 (current default) or 4096 bit and this
subroutine then uses whatever you specified.
That would cover 4096-bit and SHA-256.
However, the notice said: "4096-bit RSA key, P-384 ECC key, and SHA-256".
I'm not sure where "P-384 ECC" fits in there, as that would be used
during the "genpkey" stage like this:

ECC P-384:
==========
openssl genpkey -algorithm EC \
    -pkeyopt ec_paramgen_curve:P-384 \
    -pkeyopt ec_param_enc:named_curve |
    openssl pkcs8 -topk8 -nocrypt -outform der > p384-private-key.p8

So I need to check where we create the private key and fiddle with its
generation as well.
Anyway, Ernie: Thanks for the heads up. I'll look into it.
--
With best regards
Michael Stauber
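
Added example, not part of the original message and not BlueOnyx code: a shell sketch of the selectable key type discussed above, where the choice (2048-bit RSA, 4096-bit RSA or P-384 EC) is checked against a fixed allowlist before it reaches openssl. It assumes "openssl genpkey" is used for both RSA and EC instead of "genrsa"; the function names and the key type labels (rsa2048, rsa4096, p384) are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names, not BlueOnyx code).

# Map a key type choice to "openssl genpkey" arguments.
# Only the three values below are accepted; anything else is rejected,
# so a value coming from a GUI field can never add its own options.
keygen_args() {
    case "$1" in
        rsa2048) echo "-algorithm RSA -pkeyopt rsa_keygen_bits:2048" ;;
        rsa4096) echo "-algorithm RSA -pkeyopt rsa_keygen_bits:4096" ;;
        p384)    echo "-algorithm EC -pkeyopt ec_paramgen_curve:P-384 -pkeyopt ec_param_enc:named_curve" ;;
        *)       return 1 ;;
    esac
}

# gen_private_key <cert_dir> <key_type>
# Writes an unencrypted PEM private key to <cert_dir>/key with mode 0640,
# the same mode the Perl subroutine in the message sets.
gen_private_key() {
    cert_dir=$1
    args=$(keygen_args "$2") || {
        echo "unsupported key type: $2" >&2
        return 2
    }
    (
        # Restrictive umask so the key is never world-readable, even briefly.
        umask 027
        # $args is left unquoted on purpose: it comes from the fixed table above.
        openssl genpkey $args -out "$cert_dir/key"
    ) || return 1
    chmod 0640 "$cert_dir/key"
}

# describe_key <key_file>
# Prints the first line of the key's text form, which includes its bit size.
describe_key() {
    openssl pkey -in "$1" -noout -text | head -n 1
}
```

After sourcing the file, gen_private_key /path/to/certdir rsa4096 followed by describe_key /path/to/certdir/key confirms what was actually generated.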