3 files changed, 19 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 592312084..bae3745ee 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -260,7 +260,7 @@ public class CertUtil { */ public static String getAdminProfileAlgorithm(IConfigStore config) { - String algorithm = "SHA1withRSA"; + String algorithm = "SHA256withRSA"; try { String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); String pfile = config.getString("profile.caAdminCert.config"); @@ -405,14 +405,19 @@ public class CertUtil { CMS.debug("key algorithm is " + keyAlgo); String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa"); + String caSigningKeyAlgo = + config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA"); CMS.debug("CA Signing Key type " + caSigningKeyType); + CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo); if (caSigningKeyType.equals("ecc")) { - CMS.debug("Signing ECC certificate"); - cert = CryptoUtil.signECCCert(caPrik, info, keyAlgorithm); + CMS.debug("CA signing cert is ECC"); + cert = CryptoUtil.signECCCert(caPrik, info, + caSigningKeyAlgo); } else { - CMS.debug("Signing RSA certificate"); - cert = CryptoUtil.signCert(caPrik, info, keyAlgorithm); + CMS.debug("CA signing cert is not ecc"); + cert = CryptoUtil.signCert(caPrik, info, + caSigningKeyAlgo); } if (cert != null) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java index 39cc2c211..d7670cd9b 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java 
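Review bot: In the second CertUtil.java hunk (`@@ -405,14 +405,19 @@`), `caSigningKeyAlgo` falls back to `"SHA256withRSA"` even when `caSigningKeyType` is `ecc`, so an ECC CA whose config lacks `preop.cert.signing.keyalgorithm` would hand an RSA signature algorithm name to `CryptoUtil.signECCCert`. Choose the fallback from the key type first, e.g. `String defAlgo = caSigningKeyType.equals("ecc") ? "SHA256withEC" : "SHA256withRSA";`, and pass `defAlgo` as the default argument of `config.getString`. The configured value is also used as-is, so a SHA-1 or MD5 based name in the config would be accepted silently; an allow-list check at this point would keep configuration from undoing the move off SHA-1. The enclosing method starts and ends outside the hunk, so whether the old `keyAlgorithm` variable is still needed cannot be seen from here.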
@@ -416,7 +416,8 @@ public class SizePanel extends WizardPanelBase { public void createECCKeyPair(String token, int keysize, IConfigStore config, String ct) throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException { - CMS.debug("Generating ECC key pair"); + CMS.debug("Generating ECC key pair with keysize="+ keysize + + ", token="+token); KeyPair pair = null; /* * default ssl server cert to ECDHE unless stated otherwise diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 177affad2..15aac27b7 100644 --- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -160,6 +160,7 @@ public class CryptoUtil { NoSuchAlgorithmException, TokenException { CryptoToken t = getTokenByName(token); + KeyPairAlgorithm alg = KeyPairAlgorithm.EC; KeyPairGenerator g = t.getKeyPairGenerator(alg); @@ -532,7 +533,7 @@ public class CryptoUtil { CertificateException, InvalidKeyException { // set default; use the other call with "alg" to set algorithm - String alg = "SHA1withRSA"; + String alg = "SHA256withRSA"; try { return createX509CertInfo (x509key, serialno, issuername, subjname, notBefore, notAfter, alg); } catch (NoSuchAlgorithmException ex) { @@ -583,7 +584,7 @@ public class CryptoUtil { CertificateException { // set default; use the other call with "alg" to specify algorithm - String alg = "SHA1withEC"; + String alg = "SHA256withEC"; return signECCCert(privateKey, certInfo, alg); } @@ -670,9 +671,9 @@ public class CryptoUtil { InvalidKeyException, IOException, CertificateException, SignatureException { // give default - String alg = "SHA1withRSA"; + String alg = "SHA256withRSA"; if (isECCKey(pubk)) { - alg = "SHA1withEC"; + alg = "SHA256withEC"; } return createCertificationRequest(subjectName, pubk, prik, alg); } 
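Review bot: The new default names are repeated as string literals at every site that needs them: `"SHA256withRSA"` and `"SHA256withEC"` appear in the CryptoUtil.java hunks at `@@ -532,7`, `@@ -583,7`, `@@ -670,9` and `@@ -707,9`, and again in both CertUtil.java hunks. Two constants in CryptoUtil, for example `public static final String DEFAULT_RSA_SIG_ALG = "SHA256withRSA";` and `public static final String DEFAULT_EC_SIG_ALG = "SHA256withEC";`, would make the next digest change a single edit. They would also make a missed site easy to spot when auditing for weak signature algorithms. The methods around these hunks continue outside the visible lines.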
@@ -707,9 +708,9 @@ public class CryptoUtil {
 PublicKey pubk = keyPair.getPublic();
 X509Key key = convertPublicKeyToX509Key(pubk);
 if (pubk instanceof RSAPublicKey) {
- alg = "SHA1withRSA";
+ alg = "SHA256withRSA";
 } else if (isECCKey(key)) {
- alg = "SHA1withEC";
+ alg = "SHA256withEC";
 } else {
 // Assert.assert(pubk instanceof DSAPublicKey);
 alg = "DSA";
|
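Review bot: The final `else` branch in this hunk still assigns the bare name `"DSA"`, which names no digest and presumably resolves to a SHA-1 based signature in the provider, so this path misses the SHA-256 upgrade that the two branches above it receive. Because the `Assert` line is commented out, any key that is neither RSA nor ECC is also treated as DSA without a check. I would add a comment such as `// TODO: "DSA" uses the provider's default digest (likely SHA-1); confirm and select an explicit SHA-2 variant or reject` and test `pubk instanceof DSAPublicKey` explicitly before assigning. The enclosing method begins and ends outside the hunk, so the exception type for a reject path has to be checked against its `throws` clause.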