Score:1

Installing Microsoft ADCS using Brainpool ECC keys


I got a request from a customer to install ADCS using ECDSA while using a specific ECC curve for the keys (bp384r1). This curve is not listed in the ADCS installation process when creating a new key and choosing the CSP (only the NIST ECDSA_P384 is there).

I am able to create a leaf certificate by specifying the key algorithm and CSP as 'ECDSA_brainpoolP384r1,Microsoft Software Key Storage Provider'. However, this is not displayed in the ADCS installation GUI.

I also tried adding these lines to capolicy.inf before installing the CA, but with no success:
[NewRequest]
KeyAlgorithm=ECDSA_brainpoolP384r1
ProviderName="Microsoft Software Key Storage Provider"

Is there a way to limit the KSP key algorithm to a specific list, or to change the default ECC curves chosen? Or tell ADCS to use the specific key algorithm I want?

Would appreciate any help with this - Thanks!

Score:1

Unfortunately, Microsoft ADCS limits its supported keys to common NIST curves and doesn't allow the use of Brainpool curves. If you manage to supply a certificate with a non-supported curve, the installer won't accept it. And there is no workaround I could think of that would work.

CryptoDan avatar
Is this a limitation of the MS CSP or of ADCS? If I have an HSM that supports Brainpool, will ADCS accept it?
cn flag
It is a limitation of the ADCS CA, not the CSP. This means that it doesn't matter which CSP/KSP you use; the CA just throws an error if it sees non-permitted curves.
CryptoDan avatar
Thanks for your answer!
CryptoDan avatar
Can you refer me to a relevant article with the permitted list?
cn flag
There is no official documentation on this, not even unofficial, but the algorithms you see in the installation wizard are the only supported list of algorithms, depending on the selected provider.
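
To see which curve a key or request actually carries before it reaches the CA, the following added example (not from the thread and not Microsoft code) reads the named-curve OID from a DER SubjectPublicKeyInfo and reports whether it is a NIST curve or the Brainpool curve from the question. The ECDSA_P256 and ECDSA_P521 names, the function names and the two sample keys are assumptions of this example; the samples are constructed with placeholder key bytes.

```python
EC_PUBLIC_KEY = "1.2.840.10045.2.1"  # id-ecPublicKey
# Assumption: NIST names as the wizard lists them (the thread names only ECDSA_P384).
NIST_CURVES = {"1.2.840.10045.3.1.7": "ECDSA_P256", "1.3.132.0.34": "ECDSA_P384",
               "1.3.132.0.35": "ECDSA_P521"}
OTHER_CURVES = {"1.3.36.3.3.2.8.1.1.11": "ECDSA_brainpoolP384r1"}  # curve from the question

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes (base-128 sub-identifiers) to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                  # high bit clear: last byte of this sub-identifier
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)            # first sub-identifier packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify_spki(der):
    """Return (curve_oid, name, is_nist) for an EC SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(der)
    alg_tag, alg, _ = read_tlv(spki)
    oid_tag, alg_oid, pos = read_tlv(alg)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06) or decode_oid(alg_oid) != EC_PUBLIC_KEY:
        raise ValueError("not an EC SubjectPublicKeyInfo")
    param_tag, param, _ = read_tlv(alg, pos)
    if param_tag != 0x06:
        raise ValueError("curve parameters are not a named-curve OID")
    oid = decode_oid(param)
    return oid, NIST_CURVES.get(oid) or OTHER_CURVES.get(oid, "unknown"), oid in NIST_CURVES

# Constructed samples: placeholder key bytes (03 02 00 04), not real public points.
SAMPLE_BRAINPOOL = bytes.fromhex("301a3014" "06072a8648ce3d0201" "06092b240303020801010b" "03020004")
SAMPLE_P384 = bytes.fromhex("30163010" "06072a8648ce3d0201" "06052b81040022" "03020004")
```

`classify_spki(SAMPLE_BRAINPOOL)` returns the Brainpool OID with `is_nist` set to `False`, while `SAMPLE_P384` comes back as `ECDSA_P384` with `True`.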