Default to 2048-bit RSA now
1024-bit RSA has been disallowed by our underlying libraries for a while
now. We should choose a better default. Currently 2048-bit works with
DEFAULT and FIPS, but FUTURE is defaulting to 3072. It isn't immediately
clear when FUTURE will become default, but we can always update again
later when that occurs.

Signed-off-by: Alexander Scheel <[email protected]>
cipherboy committed Feb 11, 2021
1 parent e984280 commit 64f1976
Showing 8 changed files with 37 additions and 37 deletions.
6 changes: 3 additions & 3 deletions base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -466,13 +466,13 @@ function validate()
var signKeyType = "rsa-sign";
var dualKeyType = "rsa-dual-use";
var encKeyParams = null;
var encKeySize = 1024;
var encKeySize = 2048;
var signKeyParams = null;
var signKeySize = 1024;
var signKeySize = 2048;
var keyParams = null;
// Give this default because the ECC crytpo codes requires and integer
// for this value even if presenting ECC curve name parameter.
var keySize = 1024;
var keySize = 2048;

try {
if (dual == 'true') {
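Review bot: The new default is written as three separate `2048` literals (`encKeySize`, `signKeySize`, `keySize`), so the next change of default has to find and edit each one again. A single `var defaultRsaKeySize = 2048;` assigned to all three would leave one place to update. The comment above `keySize` could be tidied at the same time: `// Default is required because the ECC crypto code needs an integer here even when an ECC curve name is passed.` validate() starts before and continues after this hunk.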
@@ -104,7 +104,7 @@ public static List<String> getValidUsagesList() {
public static void main(String[] args) {
AsymKeyGenerationRequest request = new AsymKeyGenerationRequest();
request.setKeyAlgorithm(KeyRequestResource.RSA_ALGORITHM);
request.setKeySize(1024);
request.setKeySize(2048);
request.setClientKeyId("vek12345");
List<String> usages = new ArrayList<String>();
usages.add(AsymKeyGenerationRequest.ENCRYPT);
@@ -161,7 +161,7 @@ private void processServerSideKeyGen(HttpServletRequest req,

// keysize is for non-EC (EC uses keycurve)
if (!rKeytype.equals("EC") && ((rKeysize == null) || (rKeysize.equals("")))) {
rKeysize = "1024"; // default to 1024
rKeysize = "2048"; // default to 2048
}

if (rKeytype.equals("EC")) {
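Review bot: Only a missing or empty `rKeysize` is replaced with the new default here; a value supplied in the request, such as `1024`, passes through the visible lines unchanged. If no later check in processServerSideKeyGen or in the enrollment profile enforces a floor, such a request would presumably fail only deep in the underlying library, with a less useful error than an early rejection. Consider validating the parsed size against a minimum (and rejecting non-numeric input) right after the default is applied, and naming the literal, e.g. `private static final String DEFAULT_RSA_KEY_SIZE = "2048";`. The method starts before and continues past this hunk, so existing validation may simply be out of view.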
22 changes: 11 additions & 11 deletions base/tps-client/doc/CS.cfg
@@ -571,7 +571,7 @@ op.format.mapping.6.target.tokenType=tokenKey
op.enroll.userKey._000=#########################################
op.enroll.userKey._001=# Enrollment Operation For CoolKey
op.enroll.userKey._002=#
op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=2048
op.enroll.userKey._004=# - size of the key the token should generate
op.enroll.userKey._005=# - max value: 1024
op.enroll.userKey._006=#
@@ -692,7 +692,7 @@ op.enroll.userKey.keyGen.tokenName=$auth.cn$
op.enroll.userKey.keyGen.keyType.num=2
op.enroll.userKey.keyGen.keyType.value.0=signing
op.enroll.userKey.keyGen.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.keySize=1024
op.enroll.userKey.keyGen.signing.keySize=2048
op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
@@ -731,7 +731,7 @@ op.enroll.userKey.keyGen.signing.publicKeyNumber=3
op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.userKey.keyGen.signing.ca.conn=ca1
op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
op.enroll.userKey.keyGen.encryption.keySize=1024
op.enroll.userKey.keyGen.encryption.keySize=2048
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
@@ -809,7 +809,7 @@ op.enroll.userKeyTemporary.keyGen.keyType.num=3
op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
op.enroll.userKeyTemporary.keyGen.auth.keySize=2048
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
@@ -847,7 +847,7 @@ op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
op.enroll.userKeyTemporary.keyGen.signing.keySize=2048
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
@@ -886,7 +886,7 @@ op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.userKeyTemporary.keyGen.encryption.keySize=2048
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
@@ -1011,7 +1011,7 @@ op.enroll.soKey.keyGen.tokenName=$auth.cn$
op.enroll.soKey.keyGen.keyType.num=2
op.enroll.soKey.keyGen.keyType.value.0=signing
op.enroll.soKey.keyGen.keyType.value.1=encryption
op.enroll.soKey.keyGen.signing.keySize=1024
op.enroll.soKey.keyGen.signing.keySize=2048
op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
@@ -1050,7 +1050,7 @@ op.enroll.soKey.keyGen.signing.publicKeyNumber=3
op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.soKey.keyGen.signing.ca.conn=ca1
op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
op.enroll.soKey.keyGen.encryption.keySize=1024
op.enroll.soKey.keyGen.encryption.keySize=2048
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
@@ -1128,7 +1128,7 @@ op.enroll.soKeyTemporary.keyGen.keyType.num=3
op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
op.enroll.soKeyTemporary.keyGen.auth.keySize=2048
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
@@ -1166,7 +1166,7 @@ op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
op.enroll.soKeyTemporary.keyGen.signing.keySize=2048
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
@@ -1204,7 +1204,7 @@ op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.soKeyTemporary.keyGen.encryption.keySize=2048
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
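Review bot: The header comment in the first hunk still reads `op.enroll.userKey._005=# - max value: 1024` directly under the example that now says `keySize=2048`, so the file documents a default above its own stated maximum. That line should be corrected or dropped, for example `op.enroll.userKey._005=# - RSA key size in bits; must be a size the token supports`. docs/manuals/man5/pki-tps-profile.5.md has the same leftover sentence, "The maximum value is 1024.", right after its updated example. If the 1024 limit reflected what some token applets can actually generate, that is worth confirming before these defaults ship.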
34 changes: 17 additions & 17 deletions base/tps/shared/conf/CS.cfg
@@ -322,7 +322,7 @@ op.enroll.delegateIEtoken.keyGen.authentication.certAttrId=c3
op.enroll.delegateIEtoken.keyGen.authentication.certId=C3
op.enroll.delegateIEtoken.keyGen.authentication.cuid_label=$cuid$
op.enroll.delegateIEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateIEtoken.keyGen.authentication.keySize=1024
op.enroll.delegateIEtoken.keyGen.authentication.keySize=2048
op.enroll.delegateIEtoken.keyGen.authentication.keyUsage=0
op.enroll.delegateIEtoken.keyGen.authentication.keyUser=0
op.enroll.delegateIEtoken.keyGen.authentication.label=authentication key for $userid$
@@ -505,7 +505,7 @@ op.enroll.delegateISEtoken.keyGen.authentication.certAttrId=c3
op.enroll.delegateISEtoken.keyGen.authentication.certId=C3
op.enroll.delegateISEtoken.keyGen.authentication.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.authentication.keySize=1024
op.enroll.delegateISEtoken.keyGen.authentication.keySize=2048
op.enroll.delegateISEtoken.keyGen.authentication.keyUsage=0
op.enroll.delegateISEtoken.keyGen.authentication.keyUser=0
op.enroll.delegateISEtoken.keyGen.authentication.label=authentication key for $userid$
@@ -572,7 +572,7 @@ op.enroll.delegateISEtoken.keyGen.encryption.certAttrId=c2
op.enroll.delegateISEtoken.keyGen.encryption.certId=C2
op.enroll.delegateISEtoken.keyGen.encryption.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.encryption.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.encryption.keySize=1024
op.enroll.delegateISEtoken.keyGen.encryption.keySize=2048
op.enroll.delegateISEtoken.keyGen.encryption.keyUsage=0
op.enroll.delegateISEtoken.keyGen.encryption.keyUser=0
op.enroll.delegateISEtoken.keyGen.encryption.label=encryption key for $userid$
@@ -647,7 +647,7 @@ op.enroll.delegateISEtoken.keyGen.signing.certAttrId=c1
op.enroll.delegateISEtoken.keyGen.signing.certId=C1
op.enroll.delegateISEtoken.keyGen.signing.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.signing.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.signing.keySize=1024
op.enroll.delegateISEtoken.keyGen.signing.keySize=2048
op.enroll.delegateISEtoken.keyGen.signing.keyUsage=0
op.enroll.delegateISEtoken.keyGen.signing.keyUser=0
op.enroll.delegateISEtoken.keyGen.signing.label=signing key for $userid$
@@ -916,7 +916,7 @@ op.enroll.externalRegISEtoken.keyGen.authentication.certAttrId=c3
op.enroll.externalRegISEtoken.keyGen.authentication.certId=C3
op.enroll.externalRegISEtoken.keyGen.authentication.cuid_label=$cuid$
op.enroll.externalRegISEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.externalRegISEtoken.keyGen.authentication.keySize=1024
op.enroll.externalRegISEtoken.keyGen.authentication.keySize=2048
op.enroll.externalRegISEtoken.keyGen.authentication.keyUsage=0
op.enroll.externalRegISEtoken.keyGen.authentication.keyUser=0
op.enroll.externalRegISEtoken.keyGen.authentication.label=authentication key for $userid$
@@ -983,7 +983,7 @@ op.enroll.externalRegISEtoken.keyGen.encryption.certAttrId=c2
op.enroll.externalRegISEtoken.keyGen.encryption.certId=C2
op.enroll.externalRegISEtoken.keyGen.encryption.cuid_label=$cuid$
op.enroll.externalRegISEtoken.keyGen.encryption.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org
op.enroll.externalRegISEtoken.keyGen.encryption.keySize=1024
op.enroll.externalRegISEtoken.keyGen.encryption.keySize=2048
op.enroll.externalRegISEtoken.keyGen.encryption.keyUsage=0
op.enroll.externalRegISEtoken.keyGen.encryption.keyUser=0
op.enroll.externalRegISEtoken.keyGen.encryption.label=encryption key for $userid$
@@ -1062,7 +1062,7 @@ op.enroll.externalRegISEtoken.keyGen.signing.certAttrId=c1
op.enroll.externalRegISEtoken.keyGen.signing.certId=C1
op.enroll.externalRegISEtoken.keyGen.signing.cuid_label=$cuid$
op.enroll.externalRegISEtoken.keyGen.signing.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.externalRegISEtoken.keyGen.signing.keySize=1024
op.enroll.externalRegISEtoken.keyGen.signing.keySize=2048
op.enroll.externalRegISEtoken.keyGen.signing.keyUsage=0
op.enroll.externalRegISEtoken.keyGen.signing.keyUser=0
op.enroll.externalRegISEtoken.keyGen.signing.label=signing key for $userid$
@@ -1194,7 +1194,7 @@ op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollmen
op.enroll.soKey.keyGen.encryption.certAttrId=c2
op.enroll.soKey.keyGen.encryption.certId=C2
op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
op.enroll.soKey.keyGen.encryption.keySize=1024
op.enroll.soKey.keyGen.encryption.keySize=2048
op.enroll.soKey.keyGen.encryption.keyUsage=0
op.enroll.soKey.keyGen.encryption.keyUser=0
op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
@@ -1267,7 +1267,7 @@ op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.soKey.keyGen.signing.certAttrId=c1
op.enroll.soKey.keyGen.signing.certId=C1
op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
op.enroll.soKey.keyGen.signing.keySize=1024
op.enroll.soKey.keyGen.signing.keySize=2048
op.enroll.soKey.keyGen.signing.keyUsage=0
op.enroll.soKey.keyGen.signing.keyUser=0
op.enroll.soKey.keyGen.signing.label=signing key for $userid$
@@ -1345,7 +1345,7 @@ op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
op.enroll.soKeyTemporary.keyGen.auth.certId=C0
op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
op.enroll.soKeyTemporary.keyGen.auth.keySize=2048
op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
@@ -1386,7 +1386,7 @@ op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptio
op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.soKeyTemporary.keyGen.encryption.keySize=2048
op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
@@ -1437,7 +1437,7 @@ op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEn
op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
op.enroll.soKeyTemporary.keyGen.signing.certId=C1
op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
op.enroll.soKeyTemporary.keyGen.signing.keySize=2048
op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
@@ -1518,7 +1518,7 @@ op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollm
op.enroll.userKey.keyGen.encryption.certAttrId=c2
op.enroll.userKey.keyGen.encryption.certId=C2
op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
op.enroll.userKey.keyGen.encryption.keySize=1024
op.enroll.userKey.keyGen.encryption.keySize=2048
op.enroll.userKey.keyGen.encryption.keyUsage=0
op.enroll.userKey.keyGen.encryption.keyUser=0
op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
@@ -1591,7 +1591,7 @@ op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.userKey.keyGen.signing.certAttrId=c1
op.enroll.userKey.keyGen.signing.certId=C1
op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
op.enroll.userKey.keyGen.signing.keySize=1024
op.enroll.userKey.keyGen.signing.keySize=2048
op.enroll.userKey.keyGen.signing.keyUsage=0
op.enroll.userKey.keyGen.signing.keyUser=0
op.enroll.userKey.keyGen.signing.label=signing key for $userid$
@@ -1682,7 +1682,7 @@ op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollme
op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
op.enroll.userKeyTemporary.keyGen.auth.certId=C0
op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
op.enroll.userKeyTemporary.keyGen.auth.keySize=2048
op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
@@ -1723,7 +1723,7 @@ op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncrypt
op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.userKeyTemporary.keyGen.encryption.keySize=2048
op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
@@ -1774,7 +1774,7 @@ op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKey
op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
op.enroll.userKeyTemporary.keyGen.signing.certId=C1
op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
op.enroll.userKeyTemporary.keyGen.signing.keySize=2048
op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
@@ -2251,7 +2251,7 @@ private void generateCertificate(EnrolledCertsInfo certsInfo, SecureChannel chan
logger.debug(method + ": publicKeyAttrId: " + publicKeyAttrId);

configName = keyTypePrefix + ".keySize";
int keySize = configStore.getInteger(configName, 1024);
int keySize = configStore.getInteger(configName, 2048);
logger.debug(method + ": keySize: " + keySize);

//Default RSA_CRT=2
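Review bot: The new `2048` is only the fallback passed to `configStore.getInteger`, so an instance whose configuration still carries an explicit `keySize=1024` will keep requesting 1024-bit keys after this change. Since the commit message says the underlying libraries no longer allow 1024-bit RSA, a warning at this point would make that failure easier to diagnose, e.g. `if (keySize < 2048) logger.warn(method + ": configured keySize " + keySize + " is below 2048");`. A release note or upgrade step for existing configurations would cover the rest. generateCertificate begins and ends outside this hunk.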
2 changes: 1 addition & 1 deletion docs/manuals/man1/KRATool.1.md
@@ -196,7 +196,7 @@ extdata-keyrecord: 1
extdata-wrappeduserprivate: %94%C1%36%D3%EA%4E%36%B5%42%91%AB%47%34%C0%35%A3%6
F%E8%10%A9%B1%25%F4%BE%9C%11%D1%B3%3D%90%AB%79
extdata-userid: jmagne
extdata-keysize: 1024
extdata-keysize: 2048
extdata-updatedby: TPS-alpha.example.com-7889
extdata-dbstatus: UPDATED
extdata-cuid: 40906145C76224192D2B
4 changes: 2 additions & 2 deletions docs/manuals/man5/pki-tps-profile.5.md
@@ -17,7 +17,7 @@ Token profiles are defined using properties in the TPS configuration file.
The following property sets the size of the key the token should generate:

```
op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
op.enroll.<tokenType>.keyGen.<keyType>.keySize=2048
```

The maximum value is 1024.
@@ -95,7 +95,7 @@ and which PIN user should be granted:

```
op.enroll.<tokenType>.keyGen.<keyType>.alg=2
op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
op.enroll.<tokenType>.keyGen.<keyType>.keySize=2048
op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
```