Bug 904289 - Add ECC Support to Certificate Profiles

author: Christina Fu <cfu@redhat.com> 2013-03-25 02:02:38 -0700
committer: Christina Fu <cfu@redhat.com> 2013-03-25 02:02:38 -0700
commit: d755ecbbbba7a43fa0ae3b077296896c56868800 (patch)
tree: ed00cec1e7c490d72bad76012833d36418b8a747 /base/ca
parent: 558d90e0ab80e4453a4c546d01f84df9e9dd33ef (diff)
download: pki-d755ecbbbba7a43fa0ae3b077296896c56868800.tar.gz
pki-d755ecbbbba7a43fa0ae3b077296896c56868800.tar.xz
pki-d755ecbbbba7a43fa0ae3b077296896c56868800.zip
14 files changed, 24 insertions, 24 deletions
diff --git a/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/base/ca/shared/profiles/ca/caAgentServerCert.cfg
index d0aac7a8f..954338330 100644
--- a/base/ca/shared/profiles/ca/caAgentServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caAgentServerCert.cfg
@@ -29,8 +29,8 @@ policyset.serverCertSet.2.default.params.range=180
 policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
-policyset.serverCertSet.3.constraint.params.keyType=RSA
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyType=-
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caCACert.cfg b/base/ca/shared/profiles/ca/caCACert.cfg
index 36f81b53b..faceb8025 100644
--- a/base/ca/shared/profiles/ca/caCACert.cfg
+++ b/base/ca/shared/profiles/ca/caCACert.cfg
@@ -29,8 +29,8 @@ policyset.caCertSet.2.default.params.range=7305
 policyset.caCertSet.2.default.params.startTime=0
 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.caCertSet.3.constraint.name=Key Constraint
-policyset.caCertSet.3.constraint.params.keyType=RSA
-policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.caCertSet.3.constraint.params.keyType=-
+policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.caCertSet.3.default.name=Key Default
 policyset.caCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caDirUserCert.cfg b/base/ca/shared/profiles/ca/caDirUserCert.cfg
index ce42445cc..8943bcf08 100644
--- a/base/ca/shared/profiles/ca/caDirUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caDirUserCert.cfg
@@ -34,8 +34,8 @@ policyset.userCertSet.2.default.params.range=180
 policyset.userCertSet.2.default.params.startTime=0
 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.userCertSet.3.constraint.name=Key Constraint
-policyset.userCertSet.3.constraint.params.keyType=RSA
-policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.userCertSet.3.constraint.params.keyType=-
+policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.userCertSet.3.default.name=Key Default
 policyset.userCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caInstallCACert.cfg b/base/ca/shared/profiles/ca/caInstallCACert.cfg
index 43588fe30..d087068ee 100644
--- a/base/ca/shared/profiles/ca/caInstallCACert.cfg
+++ b/base/ca/shared/profiles/ca/caInstallCACert.cfg
@@ -31,7 +31,7 @@ policyset.caCertSet.2.default.params.startTime=0
 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.caCertSet.3.constraint.name=Key Constraint
 policyset.caCertSet.3.constraint.params.keyType=-
-policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.caCertSet.3.default.name=Key Default
 policyset.caCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
index de07df565..151dc8129 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
@@ -31,7 +31,7 @@ policyset.ocspCertSet.2.default.params.startTime=0
 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.ocspCertSet.3.constraint.name=Key Constraint
 policyset.ocspCertSet.3.constraint.params.keyType=-
-policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.ocspCertSet.3.default.name=Key Default
 policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
index f639d243b..719351080 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
@@ -31,7 +31,7 @@ policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
 policyset.serverCertSet.3.constraint.params.keyType=-
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
index ed18a547e..4106c5fef 100644
--- a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
+++ b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
@@ -33,7 +33,7 @@ policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
 policyset.serverCertSet.3.constraint.params.keyType=-
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caOCSPCert.cfg b/base/ca/shared/profiles/ca/caOCSPCert.cfg
index bda3ee752..61f92a385 100644
--- a/base/ca/shared/profiles/ca/caOCSPCert.cfg
+++ b/base/ca/shared/profiles/ca/caOCSPCert.cfg
@@ -29,8 +29,8 @@ policyset.ocspCertSet.2.default.params.range=720
 policyset.ocspCertSet.2.default.params.startTime=0
 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.ocspCertSet.3.constraint.name=Key Constraint
-policyset.ocspCertSet.3.constraint.params.keyType=RSA
-policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.ocspCertSet.3.constraint.params.keyType=-
+policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.ocspCertSet.3.default.name=Key Default
 policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caOtherCert.cfg b/base/ca/shared/profiles/ca/caOtherCert.cfg
index 38c03bb89..839517a02 100644
--- a/base/ca/shared/profiles/ca/caOtherCert.cfg
+++ b/base/ca/shared/profiles/ca/caOtherCert.cfg
@@ -29,8 +29,8 @@ policyset.otherCertSet.2.default.params.range=720
 policyset.otherCertSet.2.default.params.startTime=0
 policyset.otherCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.otherCertSet.3.constraint.name=Key Constraint
-policyset.otherCertSet.3.constraint.params.keyType=RSA
-policyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.otherCertSet.3.constraint.params.keyType=-
+policyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.otherCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.otherCertSet.3.default.name=Key Default
 policyset.otherCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caServerCert.cfg b/base/ca/shared/profiles/ca/caServerCert.cfg
index 060194d8a..35254cb75 100644
--- a/base/ca/shared/profiles/ca/caServerCert.cfg
+++ b/base/ca/shared/profiles/ca/caServerCert.cfg
@@ -29,8 +29,8 @@ policyset.serverCertSet.2.default.params.range=720
 policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
-policyset.serverCertSet.3.constraint.params.keyType=RSA
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyType=-
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caTPSCert.cfg b/base/ca/shared/profiles/ca/caTPSCert.cfg
index 5553d4f41..bcc30a7fd 100644
--- a/base/ca/shared/profiles/ca/caTPSCert.cfg
+++ b/base/ca/shared/profiles/ca/caTPSCert.cfg
@@ -29,8 +29,8 @@ policyset.serverCertSet.2.default.params.range=720
 policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
-policyset.serverCertSet.3.constraint.params.keyType=RSA
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyType=-
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
index f1701081c..fcc9ffc08 100644
--- a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
+++ b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg
@@ -30,8 +30,8 @@ policyset.userCertSet.2.default.params.range=180
 policyset.userCertSet.2.default.params.startTime=0
 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.userCertSet.3.constraint.name=Key Constraint
-policyset.userCertSet.3.constraint.params.keyType=RSA
-policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.userCertSet.3.constraint.params.keyType=-
+policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.userCertSet.3.default.name=Key Default
 policyset.userCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caUserCert.cfg b/base/ca/shared/profiles/ca/caUserCert.cfg
index 9a5d83c9b..0fdc451ca 100644
--- a/base/ca/shared/profiles/ca/caUserCert.cfg
+++ b/base/ca/shared/profiles/ca/caUserCert.cfg
@@ -36,8 +36,8 @@ policyset.userCertSet.2.default.params.range=180
 policyset.userCertSet.2.default.params.startTime=0
 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.userCertSet.3.constraint.name=Key Constraint
-policyset.userCertSet.3.constraint.params.keyType=RSA
-policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.userCertSet.3.constraint.params.keyType=-
+policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.userCertSet.3.default.name=Key Default
 policyset.userCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
index c273e26f0..06271e476 100644
--- a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
+++ b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg
@@ -36,8 +36,8 @@ policyset.userCertSet.2.default.params.range=180
 policyset.userCertSet.2.default.params.startTime=0
 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.userCertSet.3.constraint.name=Key Constraint
-policyset.userCertSet.3.constraint.params.keyType=RSA
-policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.userCertSet.3.constraint.params.keyType=-
+policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.userCertSet.3.default.name=Key Default
 policyset.userCertSet.4.constraint.class_id=noConstraintImpl
author	Christina Fu <cfu@redhat.com>	2013-03-25 02:02:38 -0700
committer	Christina Fu <cfu@redhat.com>	2013-03-25 02:02:38 -0700
commit	d755ecbbbba7a43fa0ae3b077296896c56868800 (patch)
tree	ed00cec1e7c490d72bad76012833d36418b8a747 /base/ca
parent	558d90e0ab80e4453a4c546d01f84df9e9dd33ef (diff)
download	pki-d755ecbbbba7a43fa0ae3b077296896c56868800.tar.gz pki-d755ecbbbba7a43fa0ae3b077296896c56868800.tar.xz pki-d755ecbbbba7a43fa0ae3b077296896c56868800.zip