[
https://issues.apache.org/jira/browse/NIFI-5586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16611436#comment-16611436
]
Andy LoPresto commented on NIFI-5586:
-------------------------------------
If keystores with multiple aliases are supported, this could also be used to
allow NiFi to have both an RSA and ECDSA key to optimize connections with
clients depending on their support for various key types.
See [RSA and ECDSA performance|https://securitypitfalls.wordpress.com/2014/10/06/rsa-and-ecdsa-performance/]
> Add capability to generate ECDSA keys to TLS Toolkit
> ----------------------------------------------------
>
> Key: NIFI-5586
> URL: https://issues.apache.org/jira/browse/NIFI-5586
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Priority: Major
> Labels: cryptography, ecc, ecdsa, security, tls, tls-toolkit
>
> The TLS Toolkit should be able to generate ECDSA keys to enable NiFi to
> support ECDSA cipher suites.
> Currently, ECDSA keys can be manually generated using external tools and
> loaded into a keystore and truststore that are compatible with NiFi.
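> {code}
> # Generate a 256-bit EC key pair with a self-signed certificate in a JKS keystore
> keytool -genkeypair -alias ec -keyalg EC -keysize 256 -sigalg SHA256withECDSA \
>   -validity 365 -storetype JKS -keystore ec-keystore.jks -storepass passwordpassword
> # Export the certificate only (DER-encoded unless -rfc is given)
> keytool -export -alias ec -keystore ec-keystore.jks -file ec-public.pem
> # Import that certificate into a separate truststore
> keytool -import -alias ec -file ec-public.pem -keystore ec-truststore.jks \
>   -storepass passwordpassword
> {code}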
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
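
An added example, not part of the original message and not NiFi or TLS Toolkit code: a keystore holding both an RSA and an EC alias, as the comment describes, built with the same `keytool` commands as the issue description and then checked from `keytool -list -v` output. The file name, aliases, `CN=localhost`, the `KS_PASS` variable and the function names are assumptions.

```shell
# Added example: one keystore with an RSA and an EC key pair, plus a check.
# Assumptions: aliases "rsa"/"ec", CN=localhost, password supplied in $KS_PASS.

# Create both key pairs in one JKS keystore. keytool's :env modifier reads the
# password from the environment, keeping it out of the process list.
make_dual_keystore() {
    ks=$1
    keytool -genkeypair -alias rsa -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -dname "CN=localhost" -validity 365 -storetype JKS \
        -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS
    keytool -genkeypair -alias ec -keyalg EC -keysize 256 -sigalg SHA256withECDSA \
        -dname "CN=localhost" -validity 365 -storetype JKS \
        -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS
}

# Read `keytool -list -v` output on stdin; print "alias|entry type|leaf public key".
# Only the first certificate after each alias (the leaf) is reported.
key_types() {
    awk '
        /^Alias name: / { sub(/^Alias name: /, ""); alias = $0; seen = 0 }
        /^Entry type: / { sub(/^Entry type: /, ""); type = $0 }
        /^Subject Public Key Algorithm: / && !seen {
            sub(/^Subject Public Key Algorithm: /, "")
            print alias "|" type "|" $0; seen = 1
        }'
}

# Succeed only if the listing has private-key entries for both RSA and EC.
has_rsa_and_ec() {
    types=$(key_types)
    printf '%s\n' "$types" | grep -q '|PrivateKeyEntry|.*RSA key' &&
    printf '%s\n' "$types" | grep -q '|PrivateKeyEntry|.*EC.*key'
}

# Constructed sample: trimmed `keytool -list -v` output for such a keystore.
SAMPLE_LISTING='Alias name: rsa
Entry type: PrivateKeyEntry
Certificate[1]:
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Alias name: ec
Entry type: PrivateKeyEntry
Certificate[1]:
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC key'

# Usage: export KS_PASS; make_dual_keystore both.jks
#        keytool -list -v -keystore both.jks -storepass:env KS_PASS | has_rsa_and_ec
```
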