Majic Projects
Gimmecert
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Gimmecert / Closed Feature request GC-37 Ability to provide private key specification for key generation
action_vote_minus_faded.png
0
Votes
action_vote_plus_faded.png
Go to the next issue (open or closed)
Go to the next open issue
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Not determined
  • Targetted for
    0.4.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    8 hours
  • Time spent
    No time spent
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

In some cases it is necessary to generate and use ECDSA private keys instead of the default ones. To be able to do that, it is necessary to be able to pass-in information about the private key generation parameters to the tool for a number of commands.

On top of this it is also important to be able to see what is the current private key algorithm in use.

The following should be done:

  • Add key specification option to the following commands:
    • init
    • server
    • client
    • renew
  • The new option should be implemented with the following constraints in mind:
    • RSA private keys should be definable using the format: rsa:BIT_LENGTH.
    • ECDSA private keys should be definable using the format: ecdsa:CURVE_NAME.
    • Make the key specification case-insensitive.
    • When initialising a new CA hierarchy, default to using 2048-bit RSA private keys by default if the key specification is not passed-in by the user.
    • When initialising a new CA hierarchy, use the same private key algorithm for all CAs in the hierarchy.
    • When issuing end entity certificates, default to using the same private key specification as used for the issuing CA.
    • When renewing certificates with private key generation, default to using the same private key specification as used by the previous key/certificate pair.
  • Update status command to show private key algorithm used by each issued certificate.
  • Documentation should cover:
    • New option usage, with examples on how to both initialise a new CA hierarchy and override private key algorithm for individual server/client certificates.
Todos (0 / 0)
There are no comments