OpenPGP-CSP
OpenPGP-CSP copied to clipboard
Creating cert key for CA: expand availibility of hash algoritms for signing certs
When trying to create a root certificate on OpenPGP Card (signature slot) for a AD CS, only a few hash algorithms for signing certificates issued by the CA can be chosen. Vincent already suggest to fix it by:
Try to replace MS_STRONG_PROV with MS_ENH_RSA_AES_PROV (you may change PROV_RSA_FULL with PROV_RSA_AES).
I will try to do it, but as I have no working building environment set up yet, it may take some time...
see 639d935680d71116b6f8e92ec8fb67fbea101e57
Using SHA2 with MS CA requires a KSP and won't work with a CSP
As a proof, Ms Base Smart Card CSP supports only legacy algorithms
I saw commit 2ab1db2d9d96a70bc4a9b40a2eddbc9cd62753a1. Is this worth retesting already or WIP?
KSP is read only (no key generation). Not tested at all. No WIP for the moment.
Please test the latest release