EST ID and Device ID certificates default to using different key types #403
Labels
bug
Something isn't working
Comments
|
Hmm, both of those are wrong, actually. They should both be |
|
Now in the latest version, since the EST ID keys are summarily deleted before attempting to get an EST certificate, I can't even choose the algorithm by pre-generating the EST ID keys, as I was doing before. |
This was referenced Aug 17, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm setting up my service to use dps provisioning using x509 certificates from an est server using an est bootstrap certificate.
I noticed that the est id certificate keys are hard coded to use 256 bit EC keys by default, but the device id certificate is set to use 2048 bit RSA keys.
iot-identity-service/cert/aziot-certd/src/lib.rs
Line 498 in 8448389
iot-identity-service/identity/aziot-identityd/src/identity.rs
Line 846 in 8448389
It would be nice if they were consistent so I didn't have to configure my EST server to handle both types of certificate signing requests, or even better if there was somewhere in the configuration where the preferred algorithms for these keys could be set.
The text was updated successfully, but these errors were encountered: