I would like to modify the caUserCert profile to so that the resulting certificate requests are for EC keys. The existing profile appears to be hardwired for an RSA key. I didn’t find any documentation for EC keys. I would appreciate any information regarding how to cause a firefox browser to generate an ECC pair and submit it to the CA. If anyone has succeeded and would share the profile config file, I’d appreciate it. Some questions I have are: what is the keytype? (EC, ECC, ECDSA); What keylengths should be used (ECC lengths -256 or RSA equivalents)? Should the signing algorithm be changed? If so, what are the allowable names? Does anything else have to be  changed such as the html templates or class files?

 

Thanks.

 

Bill Price