From: ABULIUS, M. (MUGUR) <mug...@al...> - 2011-06-13 15:31:46
Hello,

This topic concerns the client's private key and the interdependency between the options:

"-key FILE"
"-extcert FILE"

Our understanding (after reading the source code) concerning the relationship between these 2 options is the following:

* If the two options are specified, then the tool uses the file specified by the "--key FILE" option as the client's private key for the initial request.
* If the option "--extcert FILE" doesn't exist for the initial request, then the tool generates a 1024-bit RSA key at the location specified by the "--key FILE" option.

In our scenarios we need ***2048***-bit RSA keys (possibly more) without using the "--extcert FILE".

We think that the greatest flexibility is to allow (as an additional option) an input key file even in case the option "--extcert FILE" is not specified.

Is it possible to add such an option / behavior?
What, please, is the rationale for the current interdependency between these two options?

Best Regards
Mugur