From f7017b9eedda0ccb35747510a72ae6c329063302 Mon Sep 17 00:00:00 2001 From: Marvin Martinson Date: Thu, 19 Aug 2021 10:46:48 +0000 Subject: [PATCH] Add specific algorithm version --- pinecrypt/server/api/bootstrap.py | 1 + pinecrypt/server/const.py | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/pinecrypt/server/api/bootstrap.py b/pinecrypt/server/api/bootstrap.py index 8b82a2d..b498468 100644 --- a/pinecrypt/server/api/bootstrap.py +++ b/pinecrypt/server/api/bootstrap.py @@ -34,6 +34,7 @@ class BootstrapResource(object): key_size=const.KEY_SIZE, curve=const.CURVE_NAME, hash_algorithm=const.CERTIFICATE_HASH_ALGORITHM, + key_type_specific = const.KEY_TYPE_SPECIFIC, algorithm=authority.public_key.algorithm, common_name=authority.certificate.subject.native["common_name"], distinguished_name=cert_to_dn(authority.certificate), diff --git a/pinecrypt/server/const.py b/pinecrypt/server/const.py index 4f1e48c..7c95035 100644 --- a/pinecrypt/server/const.py +++ b/pinecrypt/server/const.py @@ -38,6 +38,7 @@ if not MONGO_URI: # Are set later, based on key type KEY_SIZE = None CURVE_NAME = None +KEY_TYPE_CLIENTS = None # python CSRbuilder supports right now sha1, sha256 sha512 CERTIFICATE_HASH_ALGORITHM = "sha512" @@ -106,9 +107,12 @@ AUTHORITY_KEYTYPE = getenv_in("AUTHORITY_KEYTYPE", "rsa", "ec") if AUTHORITY_KEYTYPE == "rsa": KEY_SIZE = 4096 + # Keytype for web JS pki.js wants specific key type + KEY_TYPE_SPECIFIC = "RSASSA-PKCS1-v1_5" if AUTHORITY_KEYTYPE == "ec": CURVE_NAME = "secp384r1" + KEY_TYPE_SPECIFIC = "ECDSA" # Tokens TOKEN_URL = "https://%(authority_name)s/#action=enroll&title=dev.lan&token=%(token)s&subject=%(subject_username)s&protocols=%(protocols)s"
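Review bot: The added keyword argument `key_type_specific = const.KEY_TYPE_SPECIFIC,` is spaced differently from every neighbouring argument in this call; it should read `key_type_specific=const.KEY_TYPE_SPECIFIC,`. It also sits directly above `algorithm=authority.public_key.algorithm`, so the call now carries two algorithm-like fields. A short comment such as `# signature algorithm name for the browser-side pki.js; distinct from the key algorithm below` would tell readers which one to use. The enclosing call starts and ends outside the hunk.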
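Review bot: The placeholder added under "Are set later, based on key type" is `KEY_TYPE_CLIENTS = None`, but nothing in this patch reads that name. The bootstrap.py hunk passes `const.KEY_TYPE_SPECIFIC`, and the later const.py hunk assigns `KEY_TYPE_SPECIFIC`. As written, `KEY_TYPE_SPECIFIC` has no module-level default and exists only if one of the two `AUTHORITY_KEYTYPE` branches runs, while `KEY_TYPE_CLIENTS` is left as an apparently unused constant. Unless `KEY_TYPE_CLIENTS` is consumed somewhere outside this diff, the line should be `KEY_TYPE_SPECIFIC = None`, matching the `KEY_SIZE` / `CURVE_NAME` pattern.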
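Review bot: The comment `# Keytype for web JS pki.js wants specific key type` calls the value a key type, but `"RSASSA-PKCS1-v1_5"` and `"ECDSA"` are signature algorithm names. The `ec` branch also has no comment at all. A single comment covering both assignments would be clearer, e.g. `# Signature algorithm name the browser-side pki.js expects for the chosen authority key type`. If choosing PKCS#1 v1.5 for the RSA case is a deliberate compatibility decision, the comment should say so, so that it is not changed casually later.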