Hi Ernie, > Are the keys generated by BlueOnyx campatible with this 4096-bit RSA key > format?
Not yet. Like everyone else we're still doing the "genrsa" stage of the CSR generation with 2048 bit: sub _gen_private_key { my $cert_dir = shift; Sauce::Util::modifyfile("$cert_dir/key"); system($OPENSSL, 'genrsa', '-out', "$cert_dir/key", '2048', '-sha256'); Sauce::Util::chmodfile(0640, "$cert_dir/key"); return ($? ? 0 : 1); } But that is trivial to fix. We just need a pulldown in the GUI to let you choose if you want 2048 (current default) or 4096 bit and this subroutine then uses whatever you specified. That would cover 4096-bit and SHA-256. However, the notice said: "4096-bit RSA key, P-384 ECC key, and SHA-256". I'm not sure where "P-384 ECC" fits in there, as that would be used during the "genpkey" stage like this: ECC P-384: ========== openssl genpkey -algorithm EC \ -pkeyopt ec_paramgen_curve:P-384 \ -pkeyopt ec_param_enc:named_curve | openssl pkcs8 -top8 -nocrypt -outform der > p384-private-key.p8 So I need to check where we create the private key and fiddle with it's generation as well. Anyway, Ernie: Thanks for the heads up. I'll look into it. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx