Allow ECDSA P-384 Certs

Open jaysee opened this issue 10 months ago • 0 comments

Hello,

I managed to generate some ECDSA P-384 certs but had to patch the code:

In vendor/afosto/yaac/src/Helper.php:

    public static function getNewKey(int $keyLength, int $keyType = OPENSSL_KEYTYPE_RSA): string
    {
        $options = [
            'private_key_bits' => $keyLength,
            'private_key_type' => $keyType,
        ];
        // EC keys are defined by a named curve; this patch forces P-384 (secp384r1).
        if (OPENSSL_KEYTYPE_EC === $keyType) {
            $options['curve_name'] = 'secp384r1';
        }
        $key = openssl_pkey_new($options);

        // Export the private key as PEM.
        openssl_pkey_export($key, $pem);

        return $pem;
    }

In vendor/afosto/yaac/src/Client.php:

    public function getCertificate(Order $order): Certificate
    {
        $privateKey = Helper::getNewKey(
            $this->getOption('key_length', 4096),
            $this->getOption('key_type', OPENSSL_KEYTYPE_RSA)
        );
        ...
    }

    protected function loadKeys()
    {
        ... (just patch the call to getNewKey)
        Helper::getNewKey(
            $this->getOption('key_length', 4096),
            $this->getOption('key_type', OPENSSL_KEYTYPE_RSA)
        )
        ...
    }

Now call using:

    new Afosto\Acme\Client([
        'username' => 'xxxx',
        'fs' => $filesystem,
        'mode' => Afosto\Acme\Client::MODE_LIVE,
        'key_length' => 384,
        'key_type' => OPENSSL_KEYTYPE_EC,
    ]);

I'm not sure the keyLength is still useful, and it's not the best way to 'force' the curve_name, but it works. Perhaps some more options need to be added.

Regards

jaysee, Apr 14 '25 14:04
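
The curve that the patch above hard-codes can instead be passed in and checked before and after key generation. This is an added example, not part of the original post and not yaac's code; `newKeyPem()` and its `$curveName` parameter are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example: newKeyPem() and $curveName are hypothetical, not part of yaac.
function newKeyPem(int $keyLength, int $keyType = OPENSSL_KEYTYPE_RSA, string $curveName = 'secp384r1'): string
{
    $options = [
        // Passed through unchanged, as in the patch; for EC the curve sets the key size.
        'private_key_bits' => $keyLength,
        'private_key_type' => $keyType,
    ];

    if ($keyType === OPENSSL_KEYTYPE_EC) {
        // Reject curve names this OpenSSL build does not know before requesting a key.
        $known = openssl_get_curve_names() ?: [];
        if (!in_array($curveName, $known, true)) {
            throw new InvalidArgumentException("Unsupported curve: {$curveName}");
        }
        $options['curve_name'] = $curveName;
    }

    // openssl_pkey_new() returns false on failure; surface that instead of exporting nothing.
    $key = openssl_pkey_new($options);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    if (!openssl_pkey_export($key, $pem)) {
        throw new RuntimeException('Key export failed: ' . openssl_error_string());
    }

    // Confirm the generated key has the requested type and, for EC, the requested curve.
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== $keyType) {
        throw new RuntimeException('Generated key has an unexpected type');
    }
    if ($keyType === OPENSSL_KEYTYPE_EC && ($details['ec']['curve_name'] ?? null) !== $curveName) {
        throw new RuntimeException('Generated key is not on the requested curve');
    }

    return $pem;
}

// Generate a P-384 key, reload it from PEM and report what OpenSSL says it is.
$pem = newKeyPem(384, OPENSSL_KEYTYPE_EC, 'secp384r1');
$details = openssl_pkey_get_details(openssl_pkey_get_private($pem));
printf("curve=%s bits=%d\n", $details['ec']['curve_name'], $details['bits']);
```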