arsing
commented
2 years ago Hmm, both of those are wrong, actually. They should both be ec-p256:rsa-2048:*
Open AlexN-SFV opened 2 years ago
arsing
commented
2 years ago Hmm, both of those are wrong, actually. They should both be ec-p256:rsa-2048:*
AlexN-SFV
commented
2 years ago Now in the latest version, since the EST ID keys are summarily deleted before attempting to get an EST certificate, I can't even choose the algorithm by pre-generating the EST ID keys, as I was doing before. This is very frustrating.
I'm setting up my service to use dps provisioning using x509 certificates from an est server using an est bootstrap certificate. I noticed that the est id certificate keys are hard coded to use 256 bit EC keys by default, but the device id certificate is set to use 2048 bit RSA keys.
https://github.com/Azure/iot-identity-service/blob/84483897dc832f3343b9aee37370bd17c6aadfbb/cert/aziot-certd/src/lib.rs#L498 https://github.com/Azure/iot-identity-service/blob/84483897dc832f3343b9aee37370bd17c6aadfbb/identity/aziot-identityd/src/identity.rs#L846
It would be nice if they were consistent so I didn't have to configure my EST server to handle both types of certificate signing requests, or even better if there was somewhere in the configuration where the preferred algorithms for these keys could be set.