FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |

#3951 [RFE] ECC Support for the CA

Created 3 years ago by meesvirk
Modified 23 days ago

FreeIPA should support ECC algorithms for the CA features in addition to the RSA. This should be preferably be offered out of the box as an option.

A brief overview on the practical impact of choosing between RSA and ECC can be read from for example RFC 4492:

   Elliptic Curve Cryptography (ECC) is emerging as an attractive
   public-key cryptosystem, in particular for mobile (i.e., wireless)
   environments.  Compared to currently prevalent cryptosystems such as
   RSA, ECC offers equivalent security with smaller key sizes.  This is
   illustrated in the following table, based on [18], which gives
   approximate comparable key sizes for symmetric- and asymmetric-key
   cryptosystems based on the best-known algorithms for attacking them.

                    Symmetric  |   ECC   |  DH/DSA/RSA
                        80     |   163   |     1024
                       112     |   233   |     2048
                       128     |   283   |     3072
                       192     |   409   |     7680
                       256     |   571   |    15360

                  Table 1: Comparable Key Sizes (in bits)

   Smaller key sizes result in savings for power, memory, bandwidth, and
   computational cost that make ECC especially attractive for
   constrained environments.

Not only more efficient today, ECC will probably withstand the future developments in cryptoanalysis better. Many crypto systems such as SSL/TLS certificates are used to protect important data for long periods of time, at least until the data has lost its value already. For some information this can mean decades.

To counter-balance the projected advancements one of the main mitigation tools used is increasing the key sizes. Alas, this can not be done very far with RSA. Several embedded platforms such as smart cards will start failing to function rapidly as the key sizes increase. For example RSA smart cards will typically start failing at between 3-5 kilobits. ECC algorithms will fare better on limited hardware.

FreeIpa should, to ensure longevity of the product, implement ECC as soon as possible. It is one of the major features that will in the near future start impacting product selection for CA applications.

Jan, I checked caIPAserviceCert.cfg and this will indeed require a change in the profile (as we discussed):

policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA, MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC

ECC is now officially available in Fedora, see the result in Bug 319901 (and the related juicy discussion). We can now reconsider when to introduce the support (at least signing ECC certificates).

I am thinking we may do it along with #3977 - another cert profile change.

The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit. Pushing out.

If anyone is willing to help and contribute to this one, please let us know!

See (Support Lightweight CA key replication with non-RSA host authority). This is a prerequisite to supporting EC CA in FreeIPA.

23 days ago

Metadata Update from @meesvirk:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5 backlog

Login to comment on this ticket.



Certificate management