-
-
Notifications
You must be signed in to change notification settings - Fork 716
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ECDSA Support #863
Comments
It's KEY_ALGO.
…On 1/29/22 14:13, Jeff Sani wrote:
I did not see a parameter to support the request of ECDSA certs from
ACMEv2. Am I missing something?
Thanks,
Jeff
—
Reply to this email directly, view it on GitHub
<#863>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AJO74S3YQIC3VFJ72AAXKPTUYRRCBANCNFSM5NDMTSTQ>.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you are subscribed to this
thread.KEY_Message ID: ***@***.***>
|
Ok thanks - I see that: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1#KEY_ALGO=secp384r1 But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384ri are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa. |
prime256v1 is a 256 bit curve used with ecdsa. Secp3841 is a 384 bit curve.
Looks like certbot uses prime256v1 if you choose ecdsa and do not specify a curve.
Choosing the curve for ecdsa is kind of analogous to choosing key length for rsa.
… On Jan 29, 2022, at 16:07, Jeff Sani ***@***.***> wrote:
Ok thanks - I see that:
Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384ri are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you commented.
|
Got it thanks! |
So in domains_txt.md: It has: then add a config file certs/star_service_example_org_rsa/config with the value KEY_ALGO="rsa" KEY_ALGO="ecdsa" but in the config example, it is: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1#KEY_ALGO=secp384r1 is ecdca as an option deprecated? |
That may be a doc bug. I’m not sure if ecdsa was ever a valid option there, but it definitely isn’t now.
… On Jan 31, 2022, at 13:05, Jeff Sani ***@***.***> wrote:
So in domains_txt.md:
https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md
It has:
then add a config file certs/star_service_example_org_rsa/config with the value
KEY_ALGO="rsa"
or respectively
KEY_ALGO="ecdsa"
but in the config example, it is:
Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
is ecdca as an option deprecated?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you commented.
|
The reference to The allowed values for |
I did not see a parameter to support the request of ECDSA certs from ACMEv2. Am I missing something?
Thanks,
Jeff
The text was updated successfully, but these errors were encountered: