Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9251

Review implementation of the SSH CA

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.4.1
    • Component/s: None
    • Labels:

      Description

      This is a review ticket for the SSH CA Implementation, I've pre-created a review with the relevant information here: http://fisheye.primekey.se/cru/CR-EJBCA-3981?projectKey=CR-EJBCA#CFR-121148

      This ticket mainly covers the implementation of the SSH CA, which is meant to be created as a limited X509 CA with the ability to export its public key in SSH format. Be aware that there may be refactorizations that still need to be done and features yet to add, so if possible try to review the code as is.

      To test:

      • Create a CA, and pick SSH as type. 
      • The crypto token for this CA must have a signing key as RSA or EC P256, P384 or P521. The signing algorithm must be as follows:
        • RSA 1024: SHA1
        • RSA 2048: SHA256
        • RSA 4096: SHA512
        • P256: SHA256
        • P384: SHA384
        • P521: SHA512
      • Creating SSH certificates is currently only possible via WS, and is examined in another ticket 
      • Under CA Structure & CRLs, the public key of this CA can be exported in SSH format 
        • To test this export, run
          ssh-keygen -l -f key.pub
          where key.pub is the exported public key 

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mikek Mike Agrenius Kushner
              Reporter:
              mikek Mike Agrenius Kushner
              Verified by:
              Andrey Sergeev (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: