#1460 Add 'pkispawn' man page example for ECC
Closed: Fixed None Opened 8 years ago by mharmsen.

A 'pkispawn' man page example is desperately needed to show users how to configure ECC.

I suggest something similar to the following:

   CA using ECC configuration parameters

       pkispawn -s CA -f myconfig.txt

       where myconfig.txt contains the following text:

              [DEFAULT]
              pki_admin_password=password123
              pki_client_pkcs12_password=password123
              pki_ds_password=password123
              pki_ssl_server_key_algorithm=SHA256withEC
              pki_ssl_server_key_size=nistp256
              pki_ssl_server_key_type=ecc
              pki_subsystem_key_algorithm=SHA256withEC
              pki_subsystem_key_size=nistp256
              pki_subsystem_key_type=ecc

              [CA]
              pki_ca_signing_key_algorithm=SHA256withEC
              pki_ca_signing_key_size=nistp256
              pki_ca_signing_key_type=ecc
              pki_ca_signing_signing_algorithm=SHA256withEC
              pki_ocsp_signing_key_algorithm=SHA256withEC
              pki_ocsp_signing_key_size=nistp256
              pki_ocsp_signing_key_type=ecc
              pki_ocsp_signing_signing_algorithm=SHA256withEC

       In order to utilize ECC, the SSL Server and Subsystem key algorithm,
       key size, and key type should be changed from SHA256withRSA --> SHA256withEC,
       2048 --> nistp256, and rsa --> ecc, respectively.

       Additionally, for a CA subsystem, both the CA and OCSP Signing key algorithm,
       key size, key type, and signing algorithm should be changed from
       SHA256withRSA --> SHA256withEC, 2048 --> nistp256, rsa --> ecc, and
       SHA256withRSA --> SHA256withEC, respectively.

       NOTE:  For all PKI subsystems, ECC is not supported for the corresponding
              Audit Signing parameters.  Similarly, for KRA subsystem, ECC is not
              supported for either of the corresponding Storage or Transport
              parameters.
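
A consistency check for the rules described in the proposed man page text, written in Python as an added example (it is not part of the original issue or of Dogtag PKI). It assumes the audit signing, storage and transport parameters follow the same `pki_<name>_key_type` naming pattern as the parameters shown above, and that any curve name begins with `nistp`.

```python
import configparser

# Constructed sample: settings modelled on the issue's example, with two
# deliberate mistakes (a mixed RSA/ECC subsystem key, an ECC audit signing key).
SAMPLE = """
[DEFAULT]
pki_ssl_server_key_algorithm=SHA256withEC
pki_ssl_server_key_size=nistp256
pki_ssl_server_key_type=ecc
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=nistp256
pki_subsystem_key_type=ecc
pki_audit_signing_key_type=ecc

[CA]
pki_ca_signing_key_algorithm=SHA256withEC
pki_ca_signing_key_size=nistp256
pki_ca_signing_key_type=ecc
pki_ca_signing_signing_algorithm=SHA256withEC
"""

# Prefixes the NOTE says must not use ECC (parameter names are assumptions).
RSA_ONLY = ("pki_audit_signing", "pki_storage", "pki_transport")

def check_ecc_config(text):
    """Return a sorted list of findings for inconsistent ECC key settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = set()
    # Each section proxy also exposes the inherited [DEFAULT] values.
    for section in cp.sections() or [cp.default_section]:
        opts = cp[section]
        for name, value in opts.items():
            if not name.endswith("_key_type") or value.lower() != "ecc":
                continue
            prefix = name[: -len("_key_type")]
            if prefix in RSA_ONLY:
                findings.add(f"{prefix}: ECC is not supported")
                continue
            size = opts.get(prefix + "_key_size", "")
            if not size.startswith("nistp"):
                findings.add(f"{prefix}: key_size {size!r} is not a curve name")
            for suffix in ("_key_algorithm", "_signing_algorithm"):
                alg = opts.get(prefix + suffix)
                if alg is not None and not alg.endswith("withEC"):
                    findings.add(f"{prefix}: {suffix[1:]} {alg!r} is not an EC algorithm")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check_ecc_config(SAMPLE)))
```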

Per CS/DS Meeting of 07/06/2015: 10.2 Backlog (critical)

Pushed to 'master':

  • baa3a78df1be63056b5e65123d1e3e2097fcb61e

Metadata Update from @mharmsen:
- Issue assigned to mharmsen
- Issue set to the milestone: 10.2.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2019

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
