Re: [Pki-devel] [PATCH] Add certutil options for ECC

Please review the attached patch which addresses the following issue: * PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating ecc admin certificate <https://fedorahosted.org/pki/ticket/1524> Tested patch by creating both an RSA CA as well as an ECC CA. Did a simple successful enrollment for both; checked the Admin cert to verify that it was an RSA admin cert for RSA CA: Certificate: Data: Version: v3 Serial Number: 0x6 Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Issuer: CN=CA Signing Certificate,O=example.com Security Domain Validity: Not Before: Tuesday, July 28, 2015 6:22:41 PM MDT America/Denver Not After: Monday, July 17, 2017 6:22:41 PM MDT America/Denver Subject: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain Subject Public Key Info: *Algorithm: RSA - 1.2.840.113549.1.1.1* Public Key: Exponent: 65537 Public Key Modulus: (2048 bits) : E7:3C:D6:6D:A2:0A:B0:D7:AF:8D:3F:D7:63:69:69:F7: F2:90:A6:AC:2C:9C:63:D0:A7:81:C2:2C:C6:C8:2F:7E: 28:A0:69:99:30:3F:8C:F0:F2:D5:1C:19:E0:D8:81:BD: C3:4C:09:89:62:FB:86:63:76:8E:6B:EC:B1:DA:15:CA: B7:27:F1:F4:60:40:E8:F3:9F:39:0F:22:F5:9C:2E:E1: EB:F6:47:CA:01:60:93:6E:D1:30:DD:4A:27:F0:7C:36: 93:DB:88:31:38:86:9E:CB:2C:87:02:49:3A:76:22:64: 13:B3:F2:62:D8:6A:EA:06:B5:FF:DE:65:C3:FF:2D:33: 91:C1:FF:10:DA:DE:80:58:D4:C3:F1:61:4D:3D:8A:05: 63:5E:7D:54:DC:FF:18:7E:A9:0C:8D:76:EE:5A:27:42: 1B:B0:59:4A:56:0E:3B:66:AD:95:42:F5:3B:5C:EA:71: 19:98:02:25:D9:A6:68:7D:02:5F:09:CB:0E:C2:22:9D: 9A:04:19:06:F5:7F:98:C6:2E:8F:BB:1A:71:1B:15:0B: E5:E6:3B:75:65:A8:36:20:42:60:52:48:11:77:3D:C7: 94:5A:DE:8E:4E:A8:89:BA:B5:00:6A:00:9F:BE:FF:F9: 10:52:1F:D6:DC:16:2D:7D:E4:79:6C:4D:87:CC:A0:E9 Extensions: Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: C4:08:DF:28:92:11:38:F4:AD:0D:7C:04:4F:3E:17:1F: 7D:39:0F:26 Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 Critical: no Access Description: Method #0: ocsp Location #0: URIName: http://pki.example.com:8080/ca/ocsp Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Key Encipherment Data Encipherment Identifier: Extended Key Usage: - 2.5.29.37 Critical: no Extended Key Usage: 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.4 Signature: Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 Signature: E0:6A:60:38:3F:D2:B3:C0:D0:D8:0F:01:80:B3:64:FC: CE:0F:53:2B:42:21:26:03:CB:55:12:86:48:7D:FF:99: C3:7E:BB:32:A2:46:2F:38:D4:E0:C7:FD:38:93:2C:07: 47:DA:72:AA:36:63:50:CF:8F:95:F3:B7:6C:95:8E:A5: 89:FB:70:69:8B:37:65:ED:F1:7F:65:5E:E7:89:5C:BF: B9:2C:AB:10:77:D1:50:35:AC:88:CB:8B:E1:49:5C:CB: E2:6F:0D:25:FD:8B:B5:FD:C5:80:B4:B2:A6:19:19:51: CA:3B:9A:45:C2:EC:16:23:F1:94:5B:7B:2C:FC:64:56: 4E:ED:C8:D0:9A:54:3A:A7:EE:A1:80:18:56:EC:38:79: 5E:72:6E:7E:E9:40:7B:7F:9C:7C:E5:61:5A:93:B9:70: 8C:DA:8E:3A:A3:06:C4:04:15:6A:FF:0D:1D:25:D1:FF: 78:E4:18:AC:88:3F:0A:8F:11:C2:65:3F:BC:0F:B5:06: CF:41:37:57:34:76:4B:85:9A:C2:DE:94:AA:E4:94:28: CC:12:87:E4:FE:53:8F:DD:9E:2F:7F:6D:15:78:68:B5: 06:B9:A3:4A:67:CF:E5:CC:27:46:B0:FB:12:99:78:6C: 28:A9:63:7F:82:8E:01:2A:53:F5:35:6A:53:AF:B6:D0 FingerPrint MD2: EE:AD:F2:AD:6B:9B:0C:B1:79:EA:04:75:65:30:79:7D MD5: FE:8B:68:52:E6:D4:56:ED:BD:12:2F:76:04:09:31:D5 SHA-1: DE:6D:08:9C:3D:FC:D1:21:9D:69:70:7E:0D:0D:9A:6E: B2:DD:13:3F SHA-256: 62:D8:A2:F6:D7:E5:80:76:AB:BE:09:2E:70:9E:E3:88: 26:3A:8D:60:E0:F2:75:E8:36:1B:15:27:08:56:3A:21 SHA-512: 86:E7:26:A3:DB:92:51:F2:85:FA:E9:A1:2C:D4:43:0D: 98:78:91:4C:53:AF:3D:0F:C3:9D:F3:98:9E:95:DE:CA: 6C:16:C8:0F:6F:A5:F6:97:11:6F:08:63:EC:35:38:AB: CD:4B:9A:82:17:27:0D:5B:D2:8C:6D:05:D5:E1:BE:06 and an ECC admin cert for the ECC CA: Certificate: Data: Version: v3 Serial Number: 0x6 Signature Algorithm: SHA256withEC - 1.2.840.10045.4.3.2 Issuer: CN=CA Signing Certificate,O=example.com Security Domain Validity: Not Before: Tuesday, July 28, 2015 6:35:44 PM MDT America/Denver Not After: Monday, July 17, 2017 6:35:44 PM MDT America/Denver Subject: CN=PKI Administrator,E=caadmin(a)example.com,O=example.com Security Domain Subject Public Key Info: * Algorithm: EC - 1.2.840.10045.2.1* Public Key: 04:F6:A6:B3:82:E4:5A:04:75:BC:F0:8F:30:44:20:34: CC:4C:2D:D2:3C:51:16:C6:C6:7B:F4:89:91:C8:BD:B6: 29:4B:B7:99:27:B9:D8:0C:F2:C9:4F:5A:C3:89:81:EC: 7A:EC:3E:83:07:5D:46:F3:23:AF:96:D7:E4:4F:89:C8: FA Extensions: Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: D7:D9:BD:50:7F:63:ED:D3:0B:DA:79:13:CC:6C:B0:B0: 21:71:CF:6C Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 Critical: no Access Description: Method #0: ocsp Location #0: URIName: http://pki.example.com:8080/ca/ocsp Identifier: Key Usage: - 2.5.29.15 Critical: yes Key Usage: Digital Signature Non Repudiation Key Encipherment Data Encipherment Identifier: Extended Key Usage: - 2.5.29.37 Critical: no Extended Key Usage: 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.7.3.4 Signature: Algorithm: SHA256withEC - 1.2.840.10045.4.3.2 Signature: 30:44:02:20:63:0B:65:D6:46:54:04:44:5F:6B:EE:96: CA:39:5F:ED:1A:69:D3:95:02:73:E2:C4:28:E7:C6:8C: B2:C5:55:3D:02:20:21:13:02:F8:10:B8:08:B9:1D:98: FB:18:FC:B4:F5:34:80:D9:C4:89:E8:F9:6E:63:29:9E: E9:67:D7:3E:AB:C2 FingerPrint MD2: 34:F9:08:E4:4E:62:D8:45:2E:12:58:E1:77:2C:DA:0F MD5: 6B:E8:3C:5C:67:E0:67:FE:6D:E3:D4:E1:F6:6C:35:5E SHA-1: 2D:A5:92:BA:8A:F7:A2:41:54:46:C9:2C:C7:FB:C2:E0: EC:06:E3:DC SHA-256: 28:4F:EC:64:4B:67:44:1A:10:35:3F:DE:A8:AD:EF:B7: C2:22:0C:FE:E7:94:EA:B4:6E:4A:32:45:AE:FC:CE:E1 SHA-512: 8F:3E:F9:8B:A5:AC:3E:9E:2A:94:ED:5B:EC:EB:3F:19: 2F:CE:62:E5:8D:72:6A:D8:B8:C0:81:9B:9E:60:CE:9F: B7:8D:35:E5:F5:A2:8B:34:BD:EB:FD:B3:12:41:20:FB: 07:81:3D:42:52:9A:50:3F:8A:19:B3:5B:A1:EF:1D:15 _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel