From 08b337acfdef294e4b0875f9d87198df291558aa Mon Sep 17 00:00:00 2001 From: Yevhen Syvachenko Date: Fri, 2 Apr 2021 21:30:49 +0300 Subject: [PATCH] Allow longer RSA key lengths and add PSS support for acmeServerCert profile. - Allow using RSA key length up to 16384, this is what OpenSSL recommends to generate. OpenSSL can generate longer keys, but shows a warning that it is not recommended. - Allow using PSS signing algorithms for ACME Server certificates. Related: https://github.com/dogtagpki/pki/issues/3491 Signed-off-by: Yevhen Syvachenko --- base/ca/shared/profiles/ca/AdminCert.cfg | 2 +- base/ca/shared/profiles/ca/acmeServerCert.cfg | 4 ++-- base/ca/shared/profiles/ca/caAdminCert.cfg | 2 +- base/ca/shared/profiles/ca/caAgentFileSigning.cfg | 2 +- base/ca/shared/profiles/ca/caAgentServerCert.cfg | 2 +- base/ca/shared/profiles/ca/caAuditSigningCert.cfg | 2 +- base/ca/shared/profiles/ca/caCACert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCcaCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCocspCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCserverCert.cfg | 2 +- base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg | 2 +- base/ca/shared/profiles/ca/caCrossSignedCACert.cfg | 2 +- base/ca/shared/profiles/ca/caDirBasedDualCert.cfg | 4 ++-- base/ca/shared/profiles/ca/caDirPinUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caDirUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caDualCert.cfg | 4 ++-- base/ca/shared/profiles/ca/caDualRAuserCert.cfg | 2 +- base/ca/shared/profiles/ca/caEncUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg | 2 +- base/ca/shared/profiles/ca/caFullCMCUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caFullCMCUserSignedCert.cfg | 2 +- base/ca/shared/profiles/ca/caIPAserviceCert.cfg | 2 +- base/ca/shared/profiles/ca/caInstallCACert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg | 2 +- base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg | 2 +- base/ca/shared/profiles/ca/caJarSigningCert.cfg | 2 +- base/ca/shared/profiles/ca/caOCSPCert.cfg | 2 +- base/ca/shared/profiles/ca/caOtherCert.cfg | 2 +- base/ca/shared/profiles/ca/caRACert.cfg | 2 +- base/ca/shared/profiles/ca/caRARouterCert.cfg | 2 +- base/ca/shared/profiles/ca/caRAagentCert.cfg | 2 +- base/ca/shared/profiles/ca/caRAserverCert.cfg | 2 +- base/ca/shared/profiles/ca/caRouterCert.cfg | 2 +- base/ca/shared/profiles/ca/caServerCert.cfg | 2 +- base/ca/shared/profiles/ca/caServerCertWithSCT.cfg | 2 +- base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg | 2 +- base/ca/shared/profiles/ca/caSignedLogCert.cfg | 2 +- base/ca/shared/profiles/ca/caSigningUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caStorageCert.cfg | 2 +- base/ca/shared/profiles/ca/caSubsystemCert.cfg | 2 +- base/ca/shared/profiles/ca/caTPSCert.cfg | 2 +- base/ca/shared/profiles/ca/caTransportCert.cfg | 2 +- base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg | 2 +- base/ca/shared/profiles/ca/caUserCert.cfg | 2 +- base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg | 2 +- 55 files changed, 58 insertions(+), 58 deletions(-) diff --git a/base/ca/shared/profiles/ca/AdminCert.cfg b/base/ca/shared/profiles/ca/AdminCert.cfg index 56c230cf9f2..34ef01a5ae3 100644 --- a/base/ca/shared/profiles/ca/AdminCert.cfg +++ b/base/ca/shared/profiles/ca/AdminCert.cfg @@ -31,7 +31,7 @@ policyset.adminCertSet.2.default.params.startTime=0 policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl policyset.adminCertSet.3.constraint.name=Key Constraint policyset.adminCertSet.3.constraint.params.keyType=RSA -policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl policyset.adminCertSet.3.default.name=Key Default policyset.adminCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/acmeServerCert.cfg b/base/ca/shared/profiles/ca/acmeServerCert.cfg index 7d0af13bb49..b112bc1ce0c 100644 --- a/base/ca/shared/profiles/ca/acmeServerCert.cfg +++ b/base/ca/shared/profiles/ca/acmeServerCert.cfg @@ -85,7 +85,7 @@ policyset.serverCertSet.7.default.params.range=90 policyset.serverCertSet.7.default.params.startTime=0 policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl policyset.serverCertSet.8.constraint.name=No Constraint -policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC,SHA256withRSA/PSS,SHA384withRSA/PSS,SHA512withRSA/PSS policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl policyset.serverCertSet.8.default.name=Signing Alg policyset.serverCertSet.8.default.params.signingAlg=- @@ -96,7 +96,7 @@ policyset.serverCertSet.9.default.name=SAN to CN Default policyset.serverCertSet.10.constraint.class_id=keyConstraintImpl policyset.serverCertSet.10.constraint.name=Key Constraint policyset.serverCertSet.10.constraint.params.keyType=RSA -policyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096 +policyset.serverCertSet.10.constraint.params.keyParameters=2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.10.default.class_id=userKeyDefaultImpl policyset.serverCertSet.10.default.name=Key Default policyset.serverCertSet.11.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caAdminCert.cfg b/base/ca/shared/profiles/ca/caAdminCert.cfg index 1aea6b53560..5521129e182 100644 --- a/base/ca/shared/profiles/ca/caAdminCert.cfg +++ b/base/ca/shared/profiles/ca/caAdminCert.cfg @@ -32,7 +32,7 @@ policyset.adminCertSet.2.default.params.startTime=0 policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl policyset.adminCertSet.3.constraint.name=Key Constraint policyset.adminCertSet.3.constraint.params.keyType=RSA -policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl policyset.adminCertSet.3.default.name=Key Default policyset.adminCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg index 92a96dccf9c..46ee16101dd 100644 --- a/base/ca/shared/profiles/ca/caAgentFileSigning.cfg +++ b/base/ca/shared/profiles/ca/caAgentFileSigning.cfg @@ -31,7 +31,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/base/ca/shared/profiles/ca/caAgentServerCert.cfg index 20ce830a953..f4ea691c075 100644 --- a/base/ca/shared/profiles/ca/caAgentServerCert.cfg +++ b/base/ca/shared/profiles/ca/caAgentServerCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caAuditSigningCert.cfg b/base/ca/shared/profiles/ca/caAuditSigningCert.cfg index 68dfcadd7d7..6bdbc4a538f 100644 --- a/base/ca/shared/profiles/ca/caAuditSigningCert.cfg +++ b/base/ca/shared/profiles/ca/caAuditSigningCert.cfg @@ -31,7 +31,7 @@ policyset.auditSigningCertSet.2.default.params.startTime=0 policyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl policyset.auditSigningCertSet.3.constraint.name=Key Constraint policyset.auditSigningCertSet.3.constraint.params.keyType=- -policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521 +policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp521 policyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl policyset.auditSigningCertSet.3.default.name=Key Default policyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCACert.cfg b/base/ca/shared/profiles/ca/caCACert.cfg index 8fd7d3361c8..e724de70df6 100644 --- a/base/ca/shared/profiles/ca/caCACert.cfg +++ b/base/ca/shared/profiles/ca/caCACert.cfg @@ -30,7 +30,7 @@ policyset.caCertSet.2.default.params.startTime=0 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl policyset.caCertSet.3.constraint.name=Key Constraint policyset.caCertSet.3.constraint.params.keyType=- -policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl policyset.caCertSet.3.default.name=Key Default policyset.caCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/base/ca/shared/profiles/ca/caCMCUserCert.cfg index 204a3d9c1e4..60461e5e76d 100644 --- a/base/ca/shared/profiles/ca/caCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCUserCert.cfg @@ -30,7 +30,7 @@ policyset.cmcUserCertSet.2.default.params.startTime=0 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl policyset.cmcUserCertSet.3.constraint.name=Key Constraint policyset.cmcUserCertSet.3.constraint.params.keyType=RSA -policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl policyset.cmcUserCertSet.3.default.name=Key Default policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg b/base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg index 8a628bfbc1e..a5c5c4e2389 100644 --- a/base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg @@ -30,7 +30,7 @@ policyset.auditSigningCertSet.2.default.params.startTime=0 policyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl policyset.auditSigningCertSet.3.constraint.name=Key Constraint policyset.auditSigningCertSet.3.constraint.params.keyType=- -policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521 +policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp521 policyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl policyset.auditSigningCertSet.3.default.name=Key Default policyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCcaCert.cfg b/base/ca/shared/profiles/ca/caCMCcaCert.cfg index 8480a98b7cc..ba241cac57a 100644 --- a/base/ca/shared/profiles/ca/caCMCcaCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCcaCert.cfg @@ -28,7 +28,7 @@ policyset.caCertSet.2.default.params.startTime=0 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl policyset.caCertSet.3.constraint.name=Key Constraint policyset.caCertSet.3.constraint.params.keyType=- -policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl policyset.caCertSet.3.default.name=Key Default policyset.caCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg b/base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg index 331a8898302..c173e489723 100644 --- a/base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg @@ -30,7 +30,7 @@ policyset.drmStorageCertSet.2.default.params.startTime=0 policyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl policyset.drmStorageCertSet.3.constraint.name=Key Constraint policyset.drmStorageCertSet.3.constraint.params.keyType=RSA -policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl policyset.drmStorageCertSet.3.default.name=Key Default policyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg b/base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg index 1fa0f5ee907..a9c6c0fb1ed 100644 --- a/base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg @@ -30,7 +30,7 @@ policyset.transportCertSet.2.default.params.startTime=0 policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl policyset.transportCertSet.3.constraint.name=Key Constraint policyset.transportCertSet.3.constraint.params.keyType=RSA -policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl policyset.transportCertSet.3.default.name=Key Default policyset.transportCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCocspCert.cfg b/base/ca/shared/profiles/ca/caCMCocspCert.cfg index d68b6bb0f0c..f1af6ce6204 100644 --- a/base/ca/shared/profiles/ca/caCMCocspCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCocspCert.cfg @@ -30,7 +30,7 @@ policyset.ocspCertSet.2.default.params.startTime=0 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl policyset.ocspCertSet.3.constraint.name=Key Constraint policyset.ocspCertSet.3.constraint.params.keyType=- -policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl policyset.ocspCertSet.3.default.name=Key Default policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCserverCert.cfg b/base/ca/shared/profiles/ca/caCMCserverCert.cfg index 6cba817d843..86c8eaa36dd 100644 --- a/base/ca/shared/profiles/ca/caCMCserverCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCserverCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg b/base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg index c71f11d0afc..ca0dfbb2db5 100644 --- a/base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg +++ b/base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg b/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg index 4324e3303d2..14d678d1e13 100644 --- a/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg +++ b/base/ca/shared/profiles/ca/caCrossSignedCACert.cfg @@ -27,7 +27,7 @@ policyset.caCertSet.2.default.params.startTime=0 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl policyset.caCertSet.3.constraint.name=Key Constraint policyset.caCertSet.3.constraint.params.keyType=- -policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl policyset.caCertSet.3.default.name=Key Default policyset.caCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg b/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg index fcd86f1fe9f..e3ebe410517 100644 --- a/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg +++ b/base/ca/shared/profiles/ca/caDirBasedDualCert.cfg @@ -31,7 +31,7 @@ policyset.encryptionCertSet.2.default.params.startTime=0 policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl policyset.encryptionCertSet.3.constraint.name=Key Constraint policyset.encryptionCertSet.3.constraint.params.keyType=RSA -policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl policyset.encryptionCertSet.3.default.name=Key Default policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl @@ -113,7 +113,7 @@ policyset.signingCertSet.2.default.params.startTime=0 policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl policyset.signingCertSet.3.constraint.name=Key Constraint policyset.signingCertSet.3.constraint.params.keyType=RSA -policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.signingCertSet.3.default.class_id=userKeyDefaultImpl policyset.signingCertSet.3.default.name=Key Default policyset.signingCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg index 1dd920926ea..906aa9dd368 100644 --- a/base/ca/shared/profiles/ca/caDirPinUserCert.cfg +++ b/base/ca/shared/profiles/ca/caDirPinUserCert.cfg @@ -35,7 +35,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=RSA -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caDirUserCert.cfg b/base/ca/shared/profiles/ca/caDirUserCert.cfg index 04710e43ac8..9a06f8e30c1 100644 --- a/base/ca/shared/profiles/ca/caDirUserCert.cfg +++ b/base/ca/shared/profiles/ca/caDirUserCert.cfg @@ -35,7 +35,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=RSA -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caDualCert.cfg b/base/ca/shared/profiles/ca/caDualCert.cfg index 29f92e3caf1..303271a1179 100644 --- a/base/ca/shared/profiles/ca/caDualCert.cfg +++ b/base/ca/shared/profiles/ca/caDualCert.cfg @@ -31,7 +31,7 @@ policyset.encryptionCertSet.2.default.params.startTime=0 policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl policyset.encryptionCertSet.3.constraint.name=Key Constraint policyset.encryptionCertSet.3.constraint.params.keyType=RSA -policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl policyset.encryptionCertSet.3.default.name=Key Default policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl @@ -113,7 +113,7 @@ policyset.signingCertSet.2.default.params.startTime=0 policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl policyset.signingCertSet.3.constraint.name=Key Constraint policyset.signingCertSet.3.constraint.params.keyType=RSA -policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.signingCertSet.3.default.class_id=userKeyDefaultImpl policyset.signingCertSet.3.default.name=Key Default policyset.signingCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg index b637c9b9e4f..9fd6273c629 100644 --- a/base/ca/shared/profiles/ca/caDualRAuserCert.cfg +++ b/base/ca/shared/profiles/ca/caDualRAuserCert.cfg @@ -30,7 +30,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=RSA -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caEncUserCert.cfg b/base/ca/shared/profiles/ca/caEncUserCert.cfg index 0036518559f..1df608b5a6d 100644 --- a/base/ca/shared/profiles/ca/caEncUserCert.cfg +++ b/base/ca/shared/profiles/ca/caEncUserCert.cfg @@ -31,7 +31,7 @@ policyset.encryptionCertSet.2.default.params.startTime=0 policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl policyset.encryptionCertSet.3.constraint.name=Key Constraint policyset.encryptionCertSet.3.constraint.params.keyType=RSA -policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl policyset.encryptionCertSet.3.default.name=Key Default policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg b/base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg index 2afa7c2e60c..be3f394c05f 100644 --- a/base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg +++ b/base/ca/shared/profiles/ca/caFullCMCSharedTokenCert.cfg @@ -26,7 +26,7 @@ policyset.cmcUserCertSet.2.default.params.range=180 policyset.cmcUserCertSet.2.default.params.startTime=0 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl policyset.cmcUserCertSet.3.constraint.name=Key Constraint -policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.cmcUserCertSet.3.constraint.params.keyType=RSA policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl policyset.cmcUserCertSet.3.default.name=Key Default diff --git a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg index e60bc600ace..d6bc294c684 100644 --- a/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg @@ -29,7 +29,7 @@ policyset.cmcUserCertSet.2.default.params.range=180 policyset.cmcUserCertSet.2.default.params.startTime=0 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl policyset.cmcUserCertSet.3.constraint.name=Key Constraint -policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.cmcUserCertSet.3.constraint.params.keyType=RSA policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl policyset.cmcUserCertSet.3.default.name=Key Default diff --git a/base/ca/shared/profiles/ca/caFullCMCUserSignedCert.cfg b/base/ca/shared/profiles/ca/caFullCMCUserSignedCert.cfg index 2356e290b97..52aa80df6ec 100644 --- a/base/ca/shared/profiles/ca/caFullCMCUserSignedCert.cfg +++ b/base/ca/shared/profiles/ca/caFullCMCUserSignedCert.cfg @@ -37,7 +37,7 @@ policyset.cmcUserCertSet.2.default.params.range=180 policyset.cmcUserCertSet.2.default.params.startTime=0 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl policyset.cmcUserCertSet.3.constraint.name=Key Constraint -policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.cmcUserCertSet.3.constraint.params.keyType=RSA policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl policyset.cmcUserCertSet.3.default.name=Key Default diff --git a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg index 2fa7ff67009..9879100f523 100644 --- a/base/ca/shared/profiles/ca/caIPAserviceCert.cfg +++ b/base/ca/shared/profiles/ca/caIPAserviceCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInstallCACert.cfg b/base/ca/shared/profiles/ca/caInstallCACert.cfg index 7c433c025f7..e8167b75649 100644 --- a/base/ca/shared/profiles/ca/caInstallCACert.cfg +++ b/base/ca/shared/profiles/ca/caInstallCACert.cfg @@ -31,7 +31,7 @@ policyset.caCertSet.2.default.params.startTime=0 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl policyset.caCertSet.3.constraint.name=Key Constraint policyset.caCertSet.3.constraint.params.keyType=- -policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl policyset.caCertSet.3.default.name=Key Default policyset.caCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg index 86f288e5092..73a7ea3a1fb 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg @@ -31,7 +31,7 @@ policyset.auditSigningCertSet.2.default.params.startTime=0 policyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl policyset.auditSigningCertSet.3.constraint.name=Key Constraint policyset.auditSigningCertSet.3.constraint.params.keyType=- -policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521 +policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp521 policyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl policyset.auditSigningCertSet.3.default.name=Key Default policyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg index 23a0850c8ad..891161be037 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg @@ -31,7 +31,7 @@ policyset.drmStorageCertSet.2.default.params.startTime=0 policyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl policyset.drmStorageCertSet.3.constraint.name=Key Constraint policyset.drmStorageCertSet.3.constraint.params.keyType=- -policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl policyset.drmStorageCertSet.3.default.name=Key Default policyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg index 5e2a61cb0af..7e9a106f586 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg @@ -31,7 +31,7 @@ policyset.ocspCertSet.2.default.params.startTime=0 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl policyset.ocspCertSet.3.constraint.name=Key Constraint policyset.ocspCertSet.3.constraint.params.keyType=- -policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl policyset.ocspCertSet.3.default.name=Key Default policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg index cf8925141ad..cc7bbc26e19 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg @@ -32,7 +32,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg index 41d8cf01cea..9b8bdbdd331 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg @@ -33,7 +33,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg index e676250437b..087ad1c7a28 100644 --- a/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg +++ b/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg @@ -31,7 +31,7 @@ policyset.transportCertSet.2.default.params.startTime=0 policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl policyset.transportCertSet.3.constraint.name=Key Constraint policyset.transportCertSet.3.constraint.params.keyType=- -policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl policyset.transportCertSet.3.default.name=Key Default policyset.transportCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caJarSigningCert.cfg b/base/ca/shared/profiles/ca/caJarSigningCert.cfg index 8d29c05168e..64330475c0f 100644 --- a/base/ca/shared/profiles/ca/caJarSigningCert.cfg +++ b/base/ca/shared/profiles/ca/caJarSigningCert.cfg @@ -30,7 +30,7 @@ policyset.caJarSigningSet.2.default.params.range=1461 policyset.caJarSigningSet.2.default.params.startTime=0 policyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl policyset.caJarSigningSet.3.constraint.name=Key Constraint -policyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.caJarSigningSet.3.constraint.params.keyType=RSA policyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl policyset.caJarSigningSet.3.default.name=Key Default diff --git a/base/ca/shared/profiles/ca/caOCSPCert.cfg b/base/ca/shared/profiles/ca/caOCSPCert.cfg index 421db6eb980..9767af51202 100644 --- a/base/ca/shared/profiles/ca/caOCSPCert.cfg +++ b/base/ca/shared/profiles/ca/caOCSPCert.cfg @@ -30,7 +30,7 @@ policyset.ocspCertSet.2.default.params.startTime=0 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl policyset.ocspCertSet.3.constraint.name=Key Constraint policyset.ocspCertSet.3.constraint.params.keyType=- -policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl policyset.ocspCertSet.3.default.name=Key Default policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caOtherCert.cfg b/base/ca/shared/profiles/ca/caOtherCert.cfg index d8c6ca9c950..b86ea4af8ea 100644 --- a/base/ca/shared/profiles/ca/caOtherCert.cfg +++ b/base/ca/shared/profiles/ca/caOtherCert.cfg @@ -30,7 +30,7 @@ policyset.otherCertSet.2.default.params.startTime=0 policyset.otherCertSet.3.constraint.class_id=keyConstraintImpl policyset.otherCertSet.3.constraint.name=Key Constraint policyset.otherCertSet.3.constraint.params.keyType=- -policyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.otherCertSet.3.default.class_id=userKeyDefaultImpl policyset.otherCertSet.3.default.name=Key Default policyset.otherCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caRACert.cfg b/base/ca/shared/profiles/ca/caRACert.cfg index 35e3726eab0..a09b1cf4fbc 100644 --- a/base/ca/shared/profiles/ca/caRACert.cfg +++ b/base/ca/shared/profiles/ca/caRACert.cfg @@ -30,7 +30,7 @@ policyset.raCertSet.2.default.params.startTime=0 policyset.raCertSet.3.constraint.class_id=keyConstraintImpl policyset.raCertSet.3.constraint.name=Key Constraint policyset.raCertSet.3.constraint.params.keyType=RSA -policyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.raCertSet.3.default.class_id=userKeyDefaultImpl policyset.raCertSet.3.default.name=Key Default policyset.raCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caRARouterCert.cfg b/base/ca/shared/profiles/ca/caRARouterCert.cfg index 2cdd8249e03..27c9dca0ace 100644 --- a/base/ca/shared/profiles/ca/caRARouterCert.cfg +++ b/base/ca/shared/profiles/ca/caRARouterCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caRAagentCert.cfg b/base/ca/shared/profiles/ca/caRAagentCert.cfg index b7937e168f4..860392edf00 100644 --- a/base/ca/shared/profiles/ca/caRAagentCert.cfg +++ b/base/ca/shared/profiles/ca/caRAagentCert.cfg @@ -31,7 +31,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=RSA -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caRAserverCert.cfg b/base/ca/shared/profiles/ca/caRAserverCert.cfg index 49f6fbd2dce..5065ae2e4a4 100644 --- a/base/ca/shared/profiles/ca/caRAserverCert.cfg +++ b/base/ca/shared/profiles/ca/caRAserverCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caRouterCert.cfg b/base/ca/shared/profiles/ca/caRouterCert.cfg index 3ce2230659a..36c00843ed1 100644 --- a/base/ca/shared/profiles/ca/caRouterCert.cfg +++ b/base/ca/shared/profiles/ca/caRouterCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caServerCert.cfg b/base/ca/shared/profiles/ca/caServerCert.cfg index 5d1225eb151..da7cd5b6933 100644 --- a/base/ca/shared/profiles/ca/caServerCert.cfg +++ b/base/ca/shared/profiles/ca/caServerCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caServerCertWithSCT.cfg b/base/ca/shared/profiles/ca/caServerCertWithSCT.cfg index 08b4f82bbde..4ca4e4fa213 100644 --- a/base/ca/shared/profiles/ca/caServerCertWithSCT.cfg +++ b/base/ca/shared/profiles/ca/caServerCertWithSCT.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg b/base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg index ea1acfb34a0..04119f0df4a 100644 --- a/base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg +++ b/base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg @@ -37,7 +37,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=- -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.userCertSet.3.default.class_id=serverKeygenUserKeyDefaultImpl policyset.userCertSet.3.default.name=Server-Side Keygen Default policyset.userCertSet.3.default.params.keyType=RSA diff --git a/base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg b/base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg index b8c3e10f276..f5725e536da 100644 --- a/base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg +++ b/base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg @@ -37,7 +37,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=- -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.userCertSet.3.default.class_id=serverKeygenUserKeyDefaultImpl policyset.userCertSet.3.default.name=Server-Side Keygen Default policyset.userCertSet.3.default.params.keyType=RSA diff --git a/base/ca/shared/profiles/ca/caSignedLogCert.cfg b/base/ca/shared/profiles/ca/caSignedLogCert.cfg index bc6a85e87b5..295e5da5537 100644 --- a/base/ca/shared/profiles/ca/caSignedLogCert.cfg +++ b/base/ca/shared/profiles/ca/caSignedLogCert.cfg @@ -30,7 +30,7 @@ policyset.caLogSigningSet.2.default.params.startTime=0 policyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl policyset.caLogSigningSet.3.constraint.name=Key Constraint policyset.caLogSigningSet.3.constraint.params.keyType=- -policyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521 +policyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp521 policyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl policyset.caLogSigningSet.3.default.name=Key Default policyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caSigningUserCert.cfg b/base/ca/shared/profiles/ca/caSigningUserCert.cfg index 837291dd5fc..897a6bedf2a 100644 --- a/base/ca/shared/profiles/ca/caSigningUserCert.cfg +++ b/base/ca/shared/profiles/ca/caSigningUserCert.cfg @@ -31,7 +31,7 @@ policyset.signingCertSet.2.default.params.startTime=0 policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl policyset.signingCertSet.3.constraint.name=Key Constraint policyset.signingCertSet.3.constraint.params.keyType=RSA -policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.signingCertSet.3.default.class_id=userKeyDefaultImpl policyset.signingCertSet.3.default.name=Key Default policyset.signingCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg index 069c6e5cdf9..0f70400d087 100644 --- a/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg +++ b/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg @@ -28,7 +28,7 @@ policyset.cmcUserCertSet.2.default.params.range=180 policyset.cmcUserCertSet.2.default.params.startTime=0 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl policyset.cmcUserCertSet.3.constraint.name=Key Constraint -policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.cmcUserCertSet.3.constraint.params.keyType=RSA policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl policyset.cmcUserCertSet.3.default.name=Key Default diff --git a/base/ca/shared/profiles/ca/caStorageCert.cfg b/base/ca/shared/profiles/ca/caStorageCert.cfg index 3e6cabd4b8e..6cace13a91c 100644 --- a/base/ca/shared/profiles/ca/caStorageCert.cfg +++ b/base/ca/shared/profiles/ca/caStorageCert.cfg @@ -30,7 +30,7 @@ policyset.drmStorageCertSet.2.default.params.startTime=0 policyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl policyset.drmStorageCertSet.3.constraint.name=Key Constraint policyset.drmStorageCertSet.3.constraint.params.keyType=RSA -policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl policyset.drmStorageCertSet.3.default.name=Key Default policyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caSubsystemCert.cfg b/base/ca/shared/profiles/ca/caSubsystemCert.cfg index b8269f15803..b9cf621f63c 100644 --- a/base/ca/shared/profiles/ca/caSubsystemCert.cfg +++ b/base/ca/shared/profiles/ca/caSubsystemCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=RSA -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caTPSCert.cfg b/base/ca/shared/profiles/ca/caTPSCert.cfg index 144000d13f5..6fcd3d54a93 100644 --- a/base/ca/shared/profiles/ca/caTPSCert.cfg +++ b/base/ca/shared/profiles/ca/caTPSCert.cfg @@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.startTime=0 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl policyset.serverCertSet.3.constraint.name=Key Constraint policyset.serverCertSet.3.constraint.params.keyType=- -policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl policyset.serverCertSet.3.default.name=Key Default policyset.serverCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caTransportCert.cfg b/base/ca/shared/profiles/ca/caTransportCert.cfg index eec85a6efeb..fa4cafa3909 100644 --- a/base/ca/shared/profiles/ca/caTransportCert.cfg +++ b/base/ca/shared/profiles/ca/caTransportCert.cfg @@ -30,7 +30,7 @@ policyset.transportCertSet.2.default.params.startTime=0 policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl policyset.transportCertSet.3.constraint.name=Key Constraint policyset.transportCertSet.3.constraint.params.keyType=RSA -policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl policyset.transportCertSet.3.default.name=Key Default policyset.transportCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg index eae06d4a59d..6864db26554 100644 --- a/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg +++ b/base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg @@ -31,7 +31,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=- -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caUserCert.cfg b/base/ca/shared/profiles/ca/caUserCert.cfg index fb19b0e2ac8..c4a3c46668d 100644 --- a/base/ca/shared/profiles/ca/caUserCert.cfg +++ b/base/ca/shared/profiles/ca/caUserCert.cfg @@ -37,7 +37,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=RSA -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl diff --git a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg index 2f5a1ea7924..ee91c9ee93a 100644 --- a/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg +++ b/base/ca/shared/profiles/ca/caUserSMIMEcapCert.cfg @@ -37,7 +37,7 @@ policyset.userCertSet.2.default.params.startTime=0 policyset.userCertSet.3.constraint.class_id=keyConstraintImpl policyset.userCertSet.3.constraint.name=Key Constraint policyset.userCertSet.3.constraint.params.keyType=- -policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521 +policyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192,11776,15360,16384,nistp256,nistp384,nistp521 policyset.userCertSet.3.default.class_id=userKeyDefaultImpl policyset.userCertSet.3.default.name=Key Default policyset.userCertSet.4.constraint.class_id=noConstraintImpl