From f7017b9eedda0ccb35747510a72ae6c329063302 Mon Sep 17 00:00:00 2001
From: Marvin Martinson <marvin@pinecrypt.com>
Date: Thu, 19 Aug 2021 10:46:48 +0000
Subject: [PATCH] Add specific algorithm version

---
 pinecrypt/server/api/bootstrap.py | 1 +
 pinecrypt/server/const.py         | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/pinecrypt/server/api/bootstrap.py b/pinecrypt/server/api/bootstrap.py
index 8b82a2d..b498468 100644
--- a/pinecrypt/server/api/bootstrap.py
+++ b/pinecrypt/server/api/bootstrap.py
@@ -34,6 +34,7 @@ class BootstrapResource(object):
                 key_size=const.KEY_SIZE,
                 curve=const.CURVE_NAME,
                 hash_algorithm=const.CERTIFICATE_HASH_ALGORITHM,
+                key_type_specific = const.KEY_TYPE_SPECIFIC,
                 algorithm=authority.public_key.algorithm,
                 common_name=authority.certificate.subject.native["common_name"],
                 distinguished_name=cert_to_dn(authority.certificate),
diff --git a/pinecrypt/server/const.py b/pinecrypt/server/const.py
index 4f1e48c..7c95035 100644
--- a/pinecrypt/server/const.py
+++ b/pinecrypt/server/const.py
@@ -38,6 +38,7 @@ if not MONGO_URI:
 # Are set later, based on key type
 KEY_SIZE = None
 CURVE_NAME = None
+KEY_TYPE_CLIENTS = None
 
 # python CSRbuilder supports right now sha1, sha256 sha512
 CERTIFICATE_HASH_ALGORITHM = "sha512"
@@ -106,9 +107,12 @@ AUTHORITY_KEYTYPE = getenv_in("AUTHORITY_KEYTYPE", "rsa", "ec")
 
 if AUTHORITY_KEYTYPE == "rsa":
     KEY_SIZE = 4096
+    # Keytype for web JS pki.js wants specific key type
+    KEY_TYPE_SPECIFIC = "RSASSA-PKCS1-v1_5"
 
 if AUTHORITY_KEYTYPE == "ec":
     CURVE_NAME = "secp384r1"
+    KEY_TYPE_SPECIFIC = "ECDSA"
 
 # Tokens
 TOKEN_URL = "https://%(authority_name)s/#action=enroll&title=dev.lan&token=%(token)s&subject=%(subject_username)s&protocols=%(protocols)s"