Creating cert key for CA: expand availability of hash algorithms for signing certs

Open techge opened this issue 6 years ago • 5 comments

When trying to create a root certificate on an OpenPGP Card (signature slot) for an AD CS, only a few hash algorithms for signing certificates issued by the CA can be chosen. Vincent already suggested fixing it by:

Try to replace MS_STRONG_PROV with MS_ENH_RSA_AES_PROV (you may change PROV_RSA_FULL with PROV_RSA_AES).

I will try to do it, but as I have no working build environment set up yet, it may take some time...

techge avatar Jan 08 '18 18:01 techge

see 639d935680d71116b6f8e92ec8fb67fbea101e57

vletoux avatar May 17 '18 20:05 vletoux

Using SHA2 with MS CA requires a KSP and won't work with a CSP

As a proof, MS Base Smart Card CSP supports only legacy algorithms

vletoux avatar May 19 '18 12:05 vletoux

I saw commit 2ab1db2d9d96a70bc4a9b40a2eddbc9cd62753a1. Is this worth retesting already or WIP?

jans23 avatar Jun 15 '18 08:06 jans23

KSP is read only (no key generation). Not tested at all. No WIP for the moment.

vletoux avatar Jun 15 '18 08:06 vletoux

Please test the latest release

vletoux avatar Jul 22 '18 16:07 vletoux