diff options
-rw-r--r-- | pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java | 4 | ||||
-rw-r--r-- | pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm | 11 |
2 files changed, 14 insertions, 1 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java index 92d0f7e55..bf4de6a83 100644 --- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java +++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java @@ -99,6 +99,7 @@ import org.mozilla.jss.crypto.SignatureAlgorithm; import org.mozilla.jss.crypto.SymmetricKey; import org.mozilla.jss.crypto.TokenException; import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.pkcs11.PK11ECPublicKey; import org.mozilla.jss.pkcs12.PasswordConverter; import org.mozilla.jss.pkcs7.EncryptedContentInfo; import org.mozilla.jss.pkix.crmf.CertReqMsg; @@ -579,6 +580,9 @@ public class CryptoUtil { xKey = new netscape.security.provider.RSAPublicKey( new BigInt(rsaKey.getModulus()), new BigInt(rsaKey.getPublicExponent())); + } else if (pubk instanceof PK11ECPublicKey) { + byte encoded[] = pubk.getEncoded(); + xKey = CryptoUtil.getPublicX509ECCKey(encoded); } else { // Assert.assert(pubk instanceof DSAPublicKey); DSAPublicKey dsaKey = (DSAPublicKey) pubk; diff --git a/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm b/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm index 60af2a530..5db27e00d 100644 --- a/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm +++ b/pki/dogtag/common-ui/shared/admin/console/config/adminpanel.vm @@ -35,13 +35,18 @@ function performPanel() { var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o; document.forms[0].subject.value = dn; var keyGenAlg = "rsa-dual-use"; + var keyParams = null; + if (document.forms[0].keytype.value == 'ecc') { + keyGenAlg = "ec-dual-use"; + keyParams = "curve=nistp256" + } if (navigator.appName == "Netscape" && typeof(crypto.version) != "undefined") { crmfObject = crypto.generateCRMFRequest( dn, "regToken", "authenticator", null, - "setCRMFRequest();", 1024, null, keyGenAlg); + "setCRMFRequest();", 2048, keyParams, keyGenAlg); } else { Send_OnClick(); } @@ -204,6 +209,10 @@ The administrator is a privileged user who manages this subsystem. Please enter <input type="hidden" name="securitydomain" value="$securityDomain" /> <input type="hidden" name="subject" value="cn=x" /> </tr> + <tr> + <th>Key Type:</th> + <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td> + </tr> </table> <div align="right"> <hr /> |