Puppet / PUP-2606

Support ECC keys


    Details

    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      New Feature
    • Release Notes Summary:
      An agent may be configured to use elliptic curve (EC) private keys using the `key_type=ec` Puppet setting. By default, Puppet will use the `prime256v1` elliptic curve, but an alternate curve may be specified using the `named_curve` Puppet setting, provided Ruby and OpenSSL support it. See OpenSSL::PKey::EC.builtin_curves for a list of supported curves. Note the `key_type` and `named_curve` settings are ignored if the agent already has a private key. Also, the settings only control the type of private key that the agent generates. They do not affect which curve is selected in the TLS protocol.

      Description

      Right now Puppet is hard-coded to only use RSA keys when dealing with certificates. RSA is getting a little long in the tooth, and although it has not been compromised, there are newer algorithms that are not as susceptible to attacks that have been developed.

      OpenSSL supports ECC in addition to RSA. Puppet should become configurable to be able to use ECC for generating keys. This feature should be configurable since not all OpenSSL releases that Puppet may be used on are going to have this available.
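
The following Ruby example is added here and is not Puppet's own code. It illustrates the behaviour in the release notes summary using the `OpenSSL::PKey::EC.builtin_curves` call named there: the curve is checked against the local OpenSSL build before generation, and an existing private key takes precedence over the settings. The helper names (`supported_curves`, `ensure_private_key`, `describe_key`) and the 2048-bit RSA size are assumptions made for illustration.

```ruby
require 'openssl'

DEFAULT_CURVE = 'prime256v1' # default curve stated in the release note

# Curve names supported by this Ruby/OpenSSL build.
def supported_curves
  OpenSSL::PKey::EC.builtin_curves.map(&:first)
end

# Hypothetical helper: returns the agent's private key. An existing key always
# wins; key_type and named_curve only matter when a key must be generated.
def ensure_private_key(existing_pem, key_type: 'rsa', named_curve: DEFAULT_CURVE)
  return OpenSSL::PKey.read(existing_pem) if existing_pem

  case key_type
  when 'ec'
    unless supported_curves.include?(named_curve)
      raise ArgumentError, "curve #{named_curve.inspect} is not in EC.builtin_curves"
    end
    OpenSSL::PKey::EC.generate(named_curve)
  when 'rsa'
    OpenSSL::PKey::RSA.new(2048) # size is an assumption for this example
  else
    raise ArgumentError, "unknown key_type #{key_type.inspect}"
  end
end

# Short label such as "ec/prime256v1" or "rsa/2048" for checking the result.
def describe_key(key)
  case key
  when OpenSSL::PKey::EC  then "ec/#{key.group.curve_name}"
  when OpenSSL::PKey::RSA then "rsa/#{key.n.num_bits}"
  else key.class.name
  end
end

if __FILE__ == $PROGRAM_NAME
  fresh = ensure_private_key(nil, key_type: 'ec')
  puts describe_key(fresh)
  # Changing named_curve later has no effect: the stored key is reused.
  kept = ensure_private_key(fresh.to_pem, key_type: 'ec', named_curve: 'secp384r1')
  puts describe_key(kept)
end
```

The key type checked here is only that of the generated private key; as the release note says, it does not determine which curve is negotiated in TLS.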

              People

              Assignee:
              Josh Cooper
              Reporter:
              redmine.exporter
              QA Contact:
              Erik Dasher
              Votes:
              4
              Watchers:
              8
