Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] Support creating ECC Keys #87

Closed
schurzi opened this issue Jan 31, 2023 · 3 comments · Fixed by #95
Closed

[Enhancement] Support creating ECC Keys #87

schurzi opened this issue Jan 31, 2023 · 3 comments · Fixed by #95
Labels
enhancement New feature or request

Comments

@schurzi
Copy link
Collaborator

schurzi commented Jan 31, 2023

Description

Currently we create a RSA 4096 bit key by default. It seems we also provide the possibility to inport an external key. I think we should also support creating ECC keys directly.

Arguably ECC keys are "better" in many regards so maybe we should even change the default.

Additional information

https://github.com/T-Systems-MMS/ansible-collection-acme/blob/6f8124eb085260aba2f63cbeb64643ecc8c62199/roles/acme/tasks/create-keys.yml#L2-L8
@schurzi schurzi added the enhancement New feature or request label Jan 31, 2023
@schurzi schurzi changed the title [Enhancement] Support ECC Keys [Enhancement] Support creating ECC Keys Jan 31, 2023
@schurzi
Copy link
Collaborator Author

schurzi commented Jan 31, 2023

see also https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

@schurzi
Copy link
Collaborator Author

schurzi commented Jan 31, 2023

BSI Recommends in TR-02102-2:

  • brainpoolP256r1
  • brainpoolP384r1
  • brainpoolP512r1
  • secp256r1
  • secp384r1
  • secp521r1

@rndmh3ro
Copy link
Collaborator

We should probably make it configurable but default to secure defaults.

@avalor1 avalor1 linked a pull request May 31, 2023 that will close this issue
Add ECC key creation support #95
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add ECC key creation support telekom-mms/ansible-collection-acme
2 participants
@schurzi @rndmh3ro