telekom-mms / ansible-collection-acme

An Ansible collection for issuing certificates via the ACME protocol.
GNU General Public License v3.0

[Enhancement] Support creating ECC Keys #87

Closed schurzi closed 1 month ago

schurzi commented 1 year ago

Description

Currently we create an RSA 4096 bit key by default. It seems we also provide the possibility to import an external key. I think we should also support creating ECC keys directly.

Arguably ECC keys are "better" in many regards so maybe we should even change the default.

Additional information

https://github.com/T-Systems-MMS/ansible-collection-acme/blob/6f8124eb085260aba2f63cbeb64643ecc8c62199/roles/acme/tasks/create-keys.yml#L2-L8

schurzi commented 1 year ago

see also https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

schurzi commented 1 year ago

BSI recommends in TR-02102-2:

rndmh3ro commented 1 year ago

We should probably make it configurable but default to secure defaults.