From 485652c60e953ddd4028cca930c4896f5d43895f Mon Sep 17 00:00:00 2001
From: Leonard Cohnen
Date: Tue, 2 Jan 2024 16:43:06 +0100
Subject: [PATCH] ca: replace rsa with ecdsa

---
 internal/ca/ca.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/internal/ca/ca.go b/internal/ca/ca.go
index 867c258509..e6a3a91754 100644
--- a/internal/ca/ca.go
+++ b/internal/ca/ca.go
@@ -2,8 +2,9 @@ package ca
 
 import (
 "bytes"
+ "crypto/ecdsa"
+ "crypto/elliptic"
 "crypto/rand"
- "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -14,12 +15,12 @@ import (
 )
 
 type CA struct {
- rootPrivKey *rsa.PrivateKey
+ rootPrivKey *ecdsa.PrivateKey
 rootCert *x509.Certificate
 rootPEM []byte
 
 // The intermPrivKey is used for both the intermediate and meshCA certificates.
- intermPrivKey *rsa.PrivateKey
+ intermPrivKey *ecdsa.PrivateKey
 intermCert *x509.Certificate
 intermPEM []byte
 
@@ -45,7 +46,7 @@ func New(namespace string) (*CA, error) {
 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 BasicConstraintsValid: true,
 }
- rootPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+ rootPrivKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 if err != nil {
 return nil, fmt.Errorf("failed to generate RSA private key: %w", err)
 }
@@ -72,7 +73,7 @@ func New(namespace string) (*CA, error) {
 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 BasicConstraintsValid: true,
 }
- intermPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+ intermPrivKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 if err != nil {
 return nil, fmt.Errorf("failed to generate RSA private key: %w", err)
 }
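Review bot: The error returned after the new `ecdsa.GenerateKey(elliptic.P384(), rand.Reader)` call still reads `failed to generate RSA private key`, both in the `@@ -45,7 +46,7 @@` hunk (root key) and in the `@@ -72,7 +73,7 @@` hunk (intermediate key). Anyone triaging a key-generation failure, or inferring the CA's algorithm from logs, would be told the wrong key type, and the two failures cannot be told apart. I would change the lines to `return nil, fmt.Errorf("generating root ECDSA private key: %w", err)` and `return nil, fmt.Errorf("generating intermediate ECDSA private key: %w", err)`. The curve is also hard-coded at both call sites, so a short comment or a single package-level helper recording why P-384 was chosen would keep the root and intermediate keys from drifting apart later. The body of `New` starts and ends outside these hunks, so other uses of the two keys are not visible here.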