A 'pkispawn ' man page example is desperately needed to show users how to configure ECC.
I suggest something similar to the following:
CA using ECC configuration parameters pkispawn -s CA -f myconfig.txt where myconfig.txt contains the following text: [DEFAULT] pki_admin_password=password123 pki_client_pkcs12_password=password123 pki_ds_password=password123 pki_ssl_server_key_algorithm=SHA256withEC pki_ssl_server_key_size=nistp256 pki_ssl_server_key_type=ecc pki_subsystem_key_algorithm=SHA256withEC pki_subsystem_key_size=nistp256 pki_subsystem_key_type=ecc [CA] pki_ca_signing_key_algorithm=SHA256withEC pki_ca_signing_key_size=nistp256 pki_ca_signing_key_type=ecc pki_ca_signing_signing_algorithm=SHA256withEC pki_ocsp_signing_key_algorithm=SHA256withEC pki_ocsp_signing_key_size=nistp256 pki_ocsp_signing_key_type=ecc pki_ocsp_signing_signing_algorithm=SHA256withEC In order to utilize ECC, the SSL Server and Subsystem key algorithm, key size, and key type should be changed from SHA256withRSA --> SHA256withEC, 2048 --> nistp256, and rsa --> ecc, respectively. Additionally, for a CA subsystem, both the CA and OCSP Signing key algorithm, key size, key type, and signing algorithm should be changed from SHA256withRSA --> SHA256withEC, 2048 --> nistp256, rsa --> ecc, and SHA256withRSA --> SHA256withEC,respectively. NOTE: For all PKI subsystems, ECC is not supported for the corresponding Audit Signing parameters. Similarly, for KRA subsystem, ECC is not supported for either of the corresponding Storage or Transport parameters.
Per CS/DS Meeting of 07/06/2015: 10.2 Backlog (critical)
Pushed to 'master':
Metadata Update from @mharmsen: - Issue assigned to mharmsen - Issue set to the milestone: 10.2.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2019
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.