-
Hi, not sure if I want to do this yet, but wondering how it's done. I noticed in the ca.json file the section for authority > provisioners has P-256 and ES256 by default. How would I increase these to P-384 and ES384? Is it a simple case of overwriting these in the ca.json file? Thanks
-
@Rapt88 that's what we call a "JWK provisioner" in our documentation. JWK stands for "JSON Web Key" -- it's just a JSON data structure that includes a public or private key along with some metadata. What you're looking at (the "P-256" and "ES256" bits) are key metadata saying that the associated key (represented as the "x" and "y" attributes) is a "P-256" key and should be used with the "ES256" signing algorithm. To use P-384/ES384 you can't just change these parameters: you have to generate a new key. You can use For example:
Remember to restart (or at least
-
Thanks guys, I'll just use the certificate creation command where you call the encryption if needed.
-
@Rapt88 that's what we call a "JWK provisioner" in our documentation. JWK stands for "JSON Web Key" -- it's just a JSON data structure that includes a public or private key along with some metadata. What you're looking at (the "P-256" and "ES256" bits) are key metadata saying that the associated key (represented as the "x" and "y" attributes) is a "P-256" key and should be used with the "ES256" signing algorithm. To use P-384/ES384 you can't just change these parameters: you have to generate a new key.
You can use `step crypto jwk create` to do so, then use `step ca provisioner add` to add your new key to `ca.json`. Once that's done, you can remove the old key (either by manually editing `ca.json`
…
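Why relabeling fails, as an added example that is not part of the replies above or of the project's code: a check that a JWK's "crv" and "alg" agree with the key material in "x" and "y". The sample key is constructed (the public P-256 base point stands in for a provisioner key), and the function names are hypothetical.

```python
import base64

# NIST curves (a = -3 for both): field prime p, coefficient b, coordinate size in bytes.
CURVES = {
    "P-256": (2**256 - 2**224 + 2**192 + 2**96 - 1,
              int("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16), 32),
    "P-384": (2**384 - 2**128 - 2**96 + 2**32 - 1,
              int("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875a"
                  "c656398d8a2ed19d2a85c8edd3ec2aef", 16), 48),
}
ALG_FOR_CRV = {"P-256": "ES256", "P-384": "ES384"}  # pairing defined in RFC 7518

def b64u_decode(s):
    """Decode unpadded base64url, the encoding JWK uses for x and y."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(n, size):
    """Encode an integer as a fixed-width, unpadded base64url string."""
    return base64.urlsafe_b64encode(n.to_bytes(size, "big")).rstrip(b"=").decode()

def check_ec_jwk(jwk):
    """Return a list of mismatches between a JWK's metadata and its key."""
    crv = jwk.get("crv")
    if crv not in CURVES:
        return [f"unsupported crv {crv!r}"]
    p, b, size = CURVES[crv]
    problems = []
    if jwk.get("alg") != ALG_FOR_CRV[crv]:
        problems.append(f"alg {jwk.get('alg')!r} does not pair with {crv}")
    x, y = b64u_decode(jwk.get("x", "")), b64u_decode(jwk.get("y", ""))
    if len(x) != size or len(y) != size:
        problems.append(f"{crv} coordinates must be {size} bytes, got {len(x)} and {len(y)}")
    xi, yi = int.from_bytes(x, "big"), int.from_bytes(y, "big")
    # Curve equation: y^2 = x^3 - 3x + b (mod p)
    if xi >= p or yi >= p or (yi * yi - (xi**3 - 3 * xi + b)) % p != 0:
        problems.append(f"point (x, y) is not on {crv}")
    return problems

# Constructed sample: the P-256 base point, not a real provisioner key.
GX = int("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16)
GY = int("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16)
original = {"kty": "EC", "crv": "P-256", "alg": "ES256",
            "x": b64u_encode(GX, 32), "y": b64u_encode(GY, 32)}
# What overwriting the values in ca.json produces: new labels, same key material.
edited = dict(original, crv="P-384", alg="ES384")

if __name__ == "__main__":
    print("original:", check_ec_jwk(original))
    print("edited:  ", check_ec_jwk(edited))
```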