EJBCA / ECA-659

Add restriction for key algorithm in certificate profiles

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: EJBCA 1.0Beta1, EJBCA 1.0Beta2, EJBCA 1.0, EJBCA 1.1, EJBCA 1.2, EJBCA 1.3, EJBCA 1.3.1, bugfix release, EJBCA 1.3.2, bugfix release, EJBCA 2.0 pre1, EJBCA 2.0 pre2, EJBCA 1.4, EJBCA 2.0 Beta1, EJBCA 2.0, EJBCA 2.0.1, EJBCA 2.1, EJBCA 2.1.1, EJBCA 2.1.2, EJBCA 3.0 Beta1, EJBCA 3.0 Beta2, EJBCA 2.1.3, EJBCA 3.0 Beta3, EJBCA 3.0, EJBCA 3.0.1, EJBCA 3.0.2, EJBCA 3.0.3, EJBCA 3.0.4, EJBCA 3.0.5, EJBCA 3.0.6, EJBCA 3.0.7, EJBCA 3.1, EJBCA 3.1.1, EJBCA 3.1.2, EJBCA 3.1.3, EJBCA 3.1.4, EJBCA 3.2, EJBCA 3.2.1, EJBCA 3.2.2, EJBCA 3.3, EJBCA 3.3.1, EJBCA 3.3.2, EJBCA 3.3.3, EJBCA 3.4, EJBCA 3.4.1, EJBCA 3.4.2, EJBCA 3.4.3, EJBCA 3.4.4, EJBCA 3.4.5, EJBCA 3.5, EJBCA 3.5.1, EJBCA 3.5.2
    • Fix Version/s: EJBCA 6.5.0
    • Component/s: PKI core
    • Labels:
      None

      Description

      Currently, there is no restriction regarding key algorithms. This means that if we configure key sizes intended for ECDSA of 384 bits, a client may enroll with an RSA public key of 384 bits, which is less than secure.

      A key algorithm definition should be added on the certificate profile configuration page, and validation code should be added to org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(Admin admin, UserDataVO data, CA ca, PublicKey pk, int keyusage, Date notBefore, Date notAfter).

      Credits for reporting: fdbarroso, metaloid, filiperegadas
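
The gap described above, as an added example that is not EJBCA code: a size-only check accepts a 384-bit RSA key under a profile meant for 384-bit EC keys, while a check on algorithm and size rejects it. The class, constants and method names are hypothetical, and the RSA key is a constructed stand-in whose modulus only has the right bit length.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Set;

public class KeyAlgorithmRestrictionDemo {
    // Hypothetical profile settings; these names are assumptions, not EJBCA's.
    static final Set<Integer> ALLOWED_BIT_LENGTHS = Set.of(384);
    static final Set<String> ALLOWED_ALGORITHMS = Set.of("EC");

    // Key length as a profile would compare it: RSA modulus bits or EC field size.
    static int keyLength(PublicKey pk) {
        if (pk instanceof RSAPublicKey) return ((RSAPublicKey) pk).getModulus().bitLength();
        if (pk instanceof ECPublicKey) return ((ECPublicKey) pk).getParams().getCurve().getField().getFieldSize();
        throw new IllegalArgumentException("Unsupported key type: " + pk.getAlgorithm());
    }

    // Size-only validation: the behaviour the issue describes.
    static boolean sizeOnlyCheck(PublicKey pk) {
        return ALLOWED_BIT_LENGTHS.contains(keyLength(pk));
    }

    // Requested validation: the algorithm must be allowed before the size is considered.
    static boolean algorithmAndSizeCheck(PublicKey pk) {
        return ALLOWED_ALGORITHMS.contains(pk.getAlgorithm()) && sizeOnlyCheck(pk);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp384r1"));
        PublicKey ec384 = kpg.generateKeyPair().getPublic();

        // Constructed stand-in for a 384-bit RSA public key (not a real RSA modulus).
        BigInteger n = BigInteger.ONE.shiftLeft(383).add(BigInteger.ONE);
        PublicKey rsa384 = new RSAPublicKey() {
            public BigInteger getModulus() { return n; }
            public BigInteger getPublicExponent() { return BigInteger.valueOf(65537); }
            public String getAlgorithm() { return "RSA"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };

        System.out.println("EC  384: size-only=" + sizeOnlyCheck(ec384) + " algorithm+size=" + algorithmAndSizeCheck(ec384));
        System.out.println("RSA 384: size-only=" + sizeOnlyCheck(rsa384) + " algorithm+size=" + algorithmAndSizeCheck(rsa384));
    }
}
```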

              People

              Assignee:
              johan Johan Eklund
              Reporter:
              nponte Nuno Ponte
              Verified by:
              Mike Agrenius Kushner