syncthing/test/h2/key.pem
Jakob Borg 6d11006b54 Generate ECDSA keys instead of RSA
This replaces the current 3072 bit RSA certificates with 384 bit ECDSA
certificates. The advantage is these certificates are smaller and
essentially instantaneous to generate. According to RFC4492 (ECC Cipher
Suites for TLS), Table 1: Comparable Key Sizes, ECC has comparable
strength to 3072 bit RSA at 283 bits - so we exceed that.

There is no compatibility issue with existing Syncthing code - this is
verified by the integration test ("h2" instance has the new
certificate).

There are browsers out there that don't understand ECC certificates yet,
although I think they're dying out. In the meantime, I've retained the
RSA code for the HTTPS certificate, but pulled it down to 2048 bits. I
don't think a higher security level there is motivated, is this matches
current industry standard for HTTPS certificates.
2015-11-27 09:15:12 +01:00

7 lines
288 B
Plaintext

-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDBz4/RQhZfObYcjS4t5bZthw0Pj6YliqI357mdB6hfiQgMdTB8v7jnO
Scbil+Rri0+gBwYFK4EEACKhZANiAATuIjYTl60Cznfqz5JRXccpl4rnmIdRjpfg
8d4+PK83E4Jnoa9sSs5daq6ZTj6/NVERbXC820ZcC2/P+Gwcg8nsR0ohfRA8BOaz
Y2mUJtoWVTEcGlTOGU26WGyhXlqOfvI=
-----END EC PRIVATE KEY-----