I would like to modify the caUserCert profile to so that the
resulting certificate requests are for EC keys. The existing profile appears to
be hardwired for an RSA key. I didn’t find any documentation for EC keys.
I would appreciate any information regarding how to cause a firefox browser to
generate an ECC pair and submit it to the CA. If anyone has succeeded and would
share the profile config file, I’d appreciate it. Some questions I have
are: what is the keytype? (EC, ECC, ECDSA); What keylengths should be used (ECC
lengths -256 or RSA equivalents)? Should the signing algorithm be changed? If
so, what are the allowable names? Does anything else have to be changed
such as the html templates or class files?
Thanks.
Bill Price