Yubico / yubikey-piv-manager

Tool for configuring your PIV-enabled YubiKey
https://developers.yubico.com/yubikey-piv-manager/
GNU General Public License v3.0

sha256ECDSA certificates are not recognized by Windows 10 as usable for signing #8

Closed R-Adrian closed 7 years ago

R-Adrian commented 8 years ago

When I configure the digital certificate slots with PIV Manager in ECC mode (P-256 or P-384), the digital certificates are not recognized by the Windows trust store - they do not appear under Internet Options - Content - Certificates - Personal Certificates.

Only RSA 1024 and 2048 certificates are appearing here but the ECC certificates are not recognized as Personal Certificates at all.

Tested self-signed certificates:
- sha256RSA - 1024 bits - is recognized as a personal certificate
- sha256RSA - 2048 bits - is recognized as a personal certificate
- sha256ECDSA - ECDSA_P256 - is NOT recognized by Windows 10 as a usable personal certificate for signing
- sha256ECDSA - ECDSA_P384 - is NOT recognized by Windows 10 as a usable personal certificate for signing

Windows recognizes sha256ECDSA certificates properly when I export them as .CRT files but won't show them as usable when configured for PIV/SmartCard signing. Is this behaviour normal for Windows 10 Pro? Is there a KB fix or a TechNet article available from Microsoft for enabling this?

As for RSA 4096 bits, it is not even offered as an option by PIV Manager v1.2.1 when generating certificate requests or self-signed certificates, even though RSA 4096 is supposedly supported by YubiKey 4... (I have opened a separate issue for the missing 4096 bits problem...)

dagheyman commented 7 years ago

I've verified the behaviour, not sure what the issue is though. Will look into it.

dagheyman commented 7 years ago

I believe these ECDSA certificates are not supported in this context on the Windows side at the moment.