I think it should be possible to issue ECC certs to users - but you
would need to modify the certificate profile or (more sensibly)
create a separate profile that allows EC keys.

Cheers,
Fraser

On Mon, Nov 18, 2024 at 03:33:01PM +0100, Winfried de Heiden via FreeIPA-users 
wrote:
> Thanks Rob,
> 
> No EC certificates for now :(
> 
> Winfried
> 
> On 18-11-2024 at 15:10, Rob Crittenden via
> FreeIPA-users wrote:
> > Winfried de Heiden via FreeIPA-users wrote:
> > > Hi all,
> > > 
> > > Previously, in another post, I mentioned slowness using Aventra MyEID
> > > PKI cards for login, sudo etc.
> > > 
> > > I tried another solution, using EC (Elastic Curve) keys. Speed should
> > > benefit, since EC keys are much smaller, keeping the same degree of
> > > security. Shorter key = loading faster.
> > > 
> > > However, it seems FreeIPA will not accept an EC key, only RSA when trying
> > > to sign an EC CSR?
> > > 
> > > Would it be possible though to use Elastic Curve certificates?
> > ECC is not yet supported in IPA. We have an old issue,
> > https://pagure.io/freeipa/issue/3951 , for this but it is still blocked
> > by the things mentioned in the ticket (LWCA).
> > 
> > We had de-prioritized this because early thinking post-quantum was that
> > ECC certificates would be more easily broken due to their smaller key size.
> > 
> > This is being re-evaluated so it's possible that ECC could be supported.
> > The when is not clear. It will take a while though.
> > 
> > rob
> > 
> -- 
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
