pki-bot / pki-issues-final


Separate key_size (RSA) and key_curve (ECC) in default.cfg #1516

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #1528. Originally filed by mharmsen (@mharmsen) on 2015-07-31 02:10:01:


Currently, the following 'key_size' variables are used dual-purpose to store either the RSA key size, or the ECC key curve:

[DEFAULT]
* pki_admin_keysize=2048
* pki_ssl_server_key_size=2048
* pki_subsystem_key_size=2048
[CA]
* pki_ca_signing_key_size=2048
* pki_ocsp_signing_key_size=2048
[OCSP]
* pki_ocsp_signing_key_size=2048

NOTE: The following key_size variables are ONLY ever used for RSA key_size:

[DEFAULT]
* pki_audit_signing_key_size=2048
[KRA]
* pki_storage_key_size=2048
* pki_transport_key_size=2048

This ticket proposes the introduction of the following variables to logically separate the desired values and make certain that a valid ECC curve default exists in 'default.cfg':

[DEFAULT]
* pki_admin_key_curve=nistp256
* pki_ssl_server_key_curve=nistp256
* pki_subsystem_key_curve=nistp256
[CA]
* pki_ca_signing_key_curve=nistp256
* pki_ocsp_signing_key_curve=nistp256
[OCSP]
* pki_ocsp_signing_key_curve=nistp256

Proposed Milestone: 10.3
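An added example, not part of the original issue or the project's code: a small lint over a default.cfg-style file that flags the dual-purpose use of key_size described above and emits the separated key_size/key_curve form the ticket proposes. The `*_key_type` parameter names, the fallback to `rsa` when no type is set, the fallback to the default curve for an ECC key with a numeric size, and the sample file are assumptions of this example.

```python
import configparser
import re

# Prefixes the issue lists as RSA-only: their key_size never holds a curve.
RSA_ONLY = {"pki_audit_signing", "pki_storage", "pki_transport"}
# Matches pki_*_key_size and the pki_admin_keysize spelling used in the issue.
SIZE_KEY = re.compile(r"^(pki_\w+?)_key_?size$")

# Constructed sample, not the project's default.cfg. The *_key_type
# parameters are an assumption of this example.
SAMPLE_CFG = """
[DEFAULT]
pki_admin_key_type=ecc
pki_admin_keysize=nistp256
pki_ssl_server_key_type=ecc
pki_ssl_server_key_size=2048
pki_subsystem_key_size=2048
pki_audit_signing_key_size=nistp256
[CA]
pki_ca_signing_key_type=ecc
pki_ca_signing_key_size=nistp256
"""

def split_key_params(cfg_text, default_curve="nistp256"):
    """Return (proposed, problems) for a default.cfg-style text."""
    # Treat [DEFAULT] as an ordinary section so its keys are not inherited.
    parser = configparser.ConfigParser(default_section="__unused__",
                                       interpolation=None)
    parser.read_string(cfg_text)
    proposed, problems = {}, []
    for section in parser.sections():
        for name, value in parser[section].items():
            match = SIZE_KEY.match(name)
            if not match:
                continue
            prefix = match.group(1)
            # Assumption: a missing key type means RSA.
            key_type = parser[section].get(prefix + "_key_type", "rsa").lower()
            if prefix in RSA_ONLY or key_type == "rsa":
                if value.isdigit():
                    proposed[(section, name)] = value
                else:
                    problems.append(f"[{section}] {name}={value}: curve name in RSA size")
            elif value.isdigit():
                # ECC key with only a bit length: fall back to the default curve.
                proposed[(section, prefix + "_key_curve")] = default_curve
                problems.append(f"[{section}] {name}={value}: ECC key without a curve")
            else:
                proposed[(section, prefix + "_key_curve")] = value
    return proposed, problems
```
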

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2015-08-04 00:38:16

Per CS/DS Meeting of 08/03/2015: 10.3

pki-bot commented 4 years ago

Comment from mharmsen (@mharmsen) at 2017-02-27 14:12:18

Metadata Update from @mharmsen: