diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template index be2caefb2a1..40e6cf2f54d 100644 --- a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template +++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template @@ -466,13 +466,13 @@ function validate() var signKeyType = "rsa-sign"; var dualKeyType = "rsa-dual-use"; var encKeyParams = null; - var encKeySize = 1024; + var encKeySize = 2048; var signKeyParams = null; - var signKeySize = 1024; + var signKeySize = 2048; var keyParams = null; // Give this default because the ECC crytpo codes requires and integer // for this value even if presenting ECC curve name parameter. - var keySize = 1024; + var keySize = 2048; try { if (dual == 'true') { diff --git a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java index 970de221865..ff232b02df8 100644 --- a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java +++ b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java @@ -104,7 +104,7 @@ public static List getValidUsagesList() { public static void main(String[] args) { AsymKeyGenerationRequest request = new AsymKeyGenerationRequest(); request.setKeyAlgorithm(KeyRequestResource.RSA_ALGORITHM); - request.setKeySize(1024); + request.setKeySize(2048); request.setClientKeyId("vek12345"); List usages = new ArrayList(); usages.add(AsymKeyGenerationRequest.ENCRYPT); diff --git a/base/server/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/base/server/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java index eb5e4625ca2..f60c1ca9011 100644 --- a/base/server/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java +++ b/base/server/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java @@ -161,7 +161,7 @@ private void processServerSideKeyGen(HttpServletRequest req, // keysize is for non-EC (EC uses keycurve) if (!rKeytype.equals("EC") && ((rKeysize == null) || (rKeysize.equals("")))) { - rKeysize = "1024"; // default to 1024 + rKeysize = "2048"; // default to 2048 } if (rKeytype.equals("EC")) { diff --git a/base/tps-client/doc/CS.cfg b/base/tps-client/doc/CS.cfg index 2eada6ad292..8534d391061 100644 --- a/base/tps-client/doc/CS.cfg +++ b/base/tps-client/doc/CS.cfg @@ -571,7 +571,7 @@ op.format.mapping.6.target.tokenType=tokenKey op.enroll.userKey._000=######################################### op.enroll.userKey._001=# Enrollment Operation For CoolKey op.enroll.userKey._002=# -op.enroll.userKey._003=# op.enroll..keyGen..keySize=1024 +op.enroll.userKey._003=# op.enroll..keyGen..keySize=2048 op.enroll.userKey._004=# - size of the key the token should generate op.enroll.userKey._005=# - max value: 1024 op.enroll.userKey._006=# @@ -692,7 +692,7 @@ op.enroll.userKey.keyGen.tokenName=$auth.cn$ op.enroll.userKey.keyGen.keyType.num=2 op.enroll.userKey.keyGen.keyType.value.0=signing op.enroll.userKey.keyGen.keyType.value.1=encryption -op.enroll.userKey.keyGen.signing.keySize=1024 +op.enroll.userKey.keyGen.signing.keySize=2048 op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false @@ -731,7 +731,7 @@ op.enroll.userKey.keyGen.signing.publicKeyNumber=3 op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.userKey.keyGen.signing.ca.conn=ca1 op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher -op.enroll.userKey.keyGen.encryption.keySize=1024 +op.enroll.userKey.keyGen.encryption.keySize=2048 op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false @@ -809,7 +809,7 @@ op.enroll.userKeyTemporary.keyGen.keyType.num=3 op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption -op.enroll.userKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.userKeyTemporary.keyGen.auth.keySize=2048 op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true @@ -847,7 +847,7 @@ op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0 op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1 op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1 -op.enroll.userKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.userKeyTemporary.keyGen.signing.keySize=2048 op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false @@ -886,7 +886,7 @@ op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3 op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1 op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher -op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.userKeyTemporary.keyGen.encryption.keySize=2048 op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false @@ -1011,7 +1011,7 @@ op.enroll.soKey.keyGen.tokenName=$auth.cn$ op.enroll.soKey.keyGen.keyType.num=2 op.enroll.soKey.keyGen.keyType.value.0=signing op.enroll.soKey.keyGen.keyType.value.1=encryption -op.enroll.soKey.keyGen.signing.keySize=1024 +op.enroll.soKey.keyGen.signing.keySize=2048 op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false @@ -1050,7 +1050,7 @@ op.enroll.soKey.keyGen.signing.publicKeyNumber=3 op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.soKey.keyGen.signing.ca.conn=ca1 op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher -op.enroll.soKey.keyGen.encryption.keySize=1024 +op.enroll.soKey.keyGen.encryption.keySize=2048 op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false @@ -1128,7 +1128,7 @@ op.enroll.soKeyTemporary.keyGen.keyType.num=3 op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption -op.enroll.soKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.soKeyTemporary.keyGen.auth.keySize=2048 op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true @@ -1166,7 +1166,7 @@ op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0 op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1 op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1 -op.enroll.soKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.soKeyTemporary.keyGen.signing.keySize=2048 op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false @@ -1204,7 +1204,7 @@ op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2 op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3 op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1 -op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.soKeyTemporary.keyGen.encryption.keySize=2048 op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg index 3774e10f72b..768c807efd7 100644 --- a/base/tps/shared/conf/CS.cfg +++ b/base/tps/shared/conf/CS.cfg @@ -322,7 +322,7 @@ op.enroll.delegateIEtoken.keyGen.authentication.certAttrId=c3 op.enroll.delegateIEtoken.keyGen.authentication.certId=C3 op.enroll.delegateIEtoken.keyGen.authentication.cuid_label=$cuid$ op.enroll.delegateIEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org -op.enroll.delegateIEtoken.keyGen.authentication.keySize=1024 +op.enroll.delegateIEtoken.keyGen.authentication.keySize=2048 op.enroll.delegateIEtoken.keyGen.authentication.keyUsage=0 op.enroll.delegateIEtoken.keyGen.authentication.keyUser=0 op.enroll.delegateIEtoken.keyGen.authentication.label=authentication key for $userid$ @@ -505,7 +505,7 @@ op.enroll.delegateISEtoken.keyGen.authentication.certAttrId=c3 op.enroll.delegateISEtoken.keyGen.authentication.certId=C3 op.enroll.delegateISEtoken.keyGen.authentication.cuid_label=$cuid$ op.enroll.delegateISEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org -op.enroll.delegateISEtoken.keyGen.authentication.keySize=1024 +op.enroll.delegateISEtoken.keyGen.authentication.keySize=2048 op.enroll.delegateISEtoken.keyGen.authentication.keyUsage=0 op.enroll.delegateISEtoken.keyGen.authentication.keyUser=0 op.enroll.delegateISEtoken.keyGen.authentication.label=authentication key for $userid$ @@ -572,7 +572,7 @@ op.enroll.delegateISEtoken.keyGen.encryption.certAttrId=c2 op.enroll.delegateISEtoken.keyGen.encryption.certId=C2 op.enroll.delegateISEtoken.keyGen.encryption.cuid_label=$cuid$ op.enroll.delegateISEtoken.keyGen.encryption.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org -op.enroll.delegateISEtoken.keyGen.encryption.keySize=1024 +op.enroll.delegateISEtoken.keyGen.encryption.keySize=2048 op.enroll.delegateISEtoken.keyGen.encryption.keyUsage=0 op.enroll.delegateISEtoken.keyGen.encryption.keyUser=0 op.enroll.delegateISEtoken.keyGen.encryption.label=encryption key for $userid$ @@ -647,7 +647,7 @@ op.enroll.delegateISEtoken.keyGen.signing.certAttrId=c1 op.enroll.delegateISEtoken.keyGen.signing.certId=C1 op.enroll.delegateISEtoken.keyGen.signing.cuid_label=$cuid$ op.enroll.delegateISEtoken.keyGen.signing.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org -op.enroll.delegateISEtoken.keyGen.signing.keySize=1024 +op.enroll.delegateISEtoken.keyGen.signing.keySize=2048 op.enroll.delegateISEtoken.keyGen.signing.keyUsage=0 op.enroll.delegateISEtoken.keyGen.signing.keyUser=0 op.enroll.delegateISEtoken.keyGen.signing.label=signing key for $userid$ @@ -916,7 +916,7 @@ op.enroll.externalRegISEtoken.keyGen.authentication.certAttrId=c3 op.enroll.externalRegISEtoken.keyGen.authentication.certId=C3 op.enroll.externalRegISEtoken.keyGen.authentication.cuid_label=$cuid$ op.enroll.externalRegISEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org -op.enroll.externalRegISEtoken.keyGen.authentication.keySize=1024 +op.enroll.externalRegISEtoken.keyGen.authentication.keySize=2048 op.enroll.externalRegISEtoken.keyGen.authentication.keyUsage=0 op.enroll.externalRegISEtoken.keyGen.authentication.keyUser=0 op.enroll.externalRegISEtoken.keyGen.authentication.label=authentication key for $userid$ @@ -983,7 +983,7 @@ op.enroll.externalRegISEtoken.keyGen.encryption.certAttrId=c2 op.enroll.externalRegISEtoken.keyGen.encryption.certId=C2 op.enroll.externalRegISEtoken.keyGen.encryption.cuid_label=$cuid$ op.enroll.externalRegISEtoken.keyGen.encryption.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org -op.enroll.externalRegISEtoken.keyGen.encryption.keySize=1024 +op.enroll.externalRegISEtoken.keyGen.encryption.keySize=2048 op.enroll.externalRegISEtoken.keyGen.encryption.keyUsage=0 op.enroll.externalRegISEtoken.keyGen.encryption.keyUser=0 op.enroll.externalRegISEtoken.keyGen.encryption.label=encryption key for $userid$ @@ -1062,7 +1062,7 @@ op.enroll.externalRegISEtoken.keyGen.signing.certAttrId=c1 op.enroll.externalRegISEtoken.keyGen.signing.certId=C1 op.enroll.externalRegISEtoken.keyGen.signing.cuid_label=$cuid$ op.enroll.externalRegISEtoken.keyGen.signing.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org -op.enroll.externalRegISEtoken.keyGen.signing.keySize=1024 +op.enroll.externalRegISEtoken.keyGen.signing.keySize=2048 op.enroll.externalRegISEtoken.keyGen.signing.keyUsage=0 op.enroll.externalRegISEtoken.keyGen.signing.keyUser=0 op.enroll.externalRegISEtoken.keyGen.signing.label=signing key for $userid$ @@ -1194,7 +1194,7 @@ op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollmen op.enroll.soKey.keyGen.encryption.certAttrId=c2 op.enroll.soKey.keyGen.encryption.certId=C2 op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$ -op.enroll.soKey.keyGen.encryption.keySize=1024 +op.enroll.soKey.keyGen.encryption.keySize=2048 op.enroll.soKey.keyGen.encryption.keyUsage=0 op.enroll.soKey.keyGen.encryption.keyUser=0 op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$ @@ -1267,7 +1267,7 @@ op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.soKey.keyGen.signing.certAttrId=c1 op.enroll.soKey.keyGen.signing.certId=C1 op.enroll.soKey.keyGen.signing.cuid_label=$cuid$ -op.enroll.soKey.keyGen.signing.keySize=1024 +op.enroll.soKey.keyGen.signing.keySize=2048 op.enroll.soKey.keyGen.signing.keyUsage=0 op.enroll.soKey.keyGen.signing.keyUser=0 op.enroll.soKey.keyGen.signing.label=signing key for $userid$ @@ -1345,7 +1345,7 @@ op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0 op.enroll.soKeyTemporary.keyGen.auth.certId=C0 op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$ -op.enroll.soKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.soKeyTemporary.keyGen.auth.keySize=2048 op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0 op.enroll.soKeyTemporary.keyGen.auth.keyUser=15 op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ @@ -1386,7 +1386,7 @@ op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptio op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2 op.enroll.soKeyTemporary.keyGen.encryption.certId=C2 op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$ -op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.soKeyTemporary.keyGen.encryption.keySize=2048 op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0 op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0 op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$ @@ -1437,7 +1437,7 @@ op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEn op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1 op.enroll.soKeyTemporary.keyGen.signing.certId=C1 op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$ -op.enroll.soKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.soKeyTemporary.keyGen.signing.keySize=2048 op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0 op.enroll.soKeyTemporary.keyGen.signing.keyUser=0 op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$ @@ -1518,7 +1518,7 @@ op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollm op.enroll.userKey.keyGen.encryption.certAttrId=c2 op.enroll.userKey.keyGen.encryption.certId=C2 op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$ -op.enroll.userKey.keyGen.encryption.keySize=1024 +op.enroll.userKey.keyGen.encryption.keySize=2048 op.enroll.userKey.keyGen.encryption.keyUsage=0 op.enroll.userKey.keyGen.encryption.keyUser=0 op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$ @@ -1591,7 +1591,7 @@ op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment op.enroll.userKey.keyGen.signing.certAttrId=c1 op.enroll.userKey.keyGen.signing.certId=C1 op.enroll.userKey.keyGen.signing.cuid_label=$cuid$ -op.enroll.userKey.keyGen.signing.keySize=1024 +op.enroll.userKey.keyGen.signing.keySize=2048 op.enroll.userKey.keyGen.signing.keyUsage=0 op.enroll.userKey.keyGen.signing.keyUser=0 op.enroll.userKey.keyGen.signing.label=signing key for $userid$ @@ -1682,7 +1682,7 @@ op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollme op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0 op.enroll.userKeyTemporary.keyGen.auth.certId=C0 op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$ -op.enroll.userKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.userKeyTemporary.keyGen.auth.keySize=2048 op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0 op.enroll.userKeyTemporary.keyGen.auth.keyUser=15 op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ @@ -1723,7 +1723,7 @@ op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncrypt op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2 op.enroll.userKeyTemporary.keyGen.encryption.certId=C2 op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$ -op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.userKeyTemporary.keyGen.encryption.keySize=2048 op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0 op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0 op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$ @@ -1774,7 +1774,7 @@ op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKey op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1 op.enroll.userKeyTemporary.keyGen.signing.certId=C1 op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$ -op.enroll.userKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.userKeyTemporary.keyGen.signing.keySize=2048 op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0 op.enroll.userKeyTemporary.keyGen.signing.keyUser=0 op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$ diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java index 30a6f071ba9..8b51178af34 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java @@ -2251,7 +2251,7 @@ private void generateCertificate(EnrolledCertsInfo certsInfo, SecureChannel chan logger.debug(method + ": publicKeyAttrId: " + publicKeyAttrId); configName = keyTypePrefix + ".keySize"; - int keySize = configStore.getInteger(configName, 1024); + int keySize = configStore.getInteger(configName, 2048); logger.debug(method + ": keySize: " + keySize); //Default RSA_CRT=2 diff --git a/docs/manuals/man1/KRATool.1.md b/docs/manuals/man1/KRATool.1.md index 494216af595..22fe844abdc 100644 --- a/docs/manuals/man1/KRATool.1.md +++ b/docs/manuals/man1/KRATool.1.md @@ -196,7 +196,7 @@ extdata-keyrecord: 1 extdata-wrappeduserprivate: %94%C1%36%D3%EA%4E%36%B5%42%91%AB%47%34%C0%35%A3%6 F%E8%10%A9%B1%25%F4%BE%9C%11%D1%B3%3D%90%AB%79 extdata-userid: jmagne -extdata-keysize: 1024 +extdata-keysize: 2048 extdata-updatedby: TPS-alpha.example.com-7889 extdata-dbstatus: UPDATED extdata-cuid: 40906145C76224192D2B diff --git a/docs/manuals/man5/pki-tps-profile.5.md b/docs/manuals/man5/pki-tps-profile.5.md index 9c700cb7e17..2da2a6ebfdf 100644 --- a/docs/manuals/man5/pki-tps-profile.5.md +++ b/docs/manuals/man5/pki-tps-profile.5.md @@ -17,7 +17,7 @@ Token profiles are defined using properties in the TPS configuration file. The following property sets the size of the key the token should generate: ``` -op.enroll..keyGen..keySize=1024 +op.enroll..keyGen..keySize=2048 ``` The maximum value is 1024. @@ -95,7 +95,7 @@ and which PIN user should be granted: ``` op.enroll..keyGen..alg=2 -op.enroll..keyGen..keySize=1024 +op.enroll..keyGen..keySize=2048 op.enroll..keyGen..keyUsage=0 op.enroll..keyGen..keyUser=0 ```