diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/signature/SignatureAlgorithm.java b/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/signature/SignatureAlgorithm.java index 6c4e059b2f1..455b047c249 100644 --- a/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/signature/SignatureAlgorithm.java +++ b/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/signature/SignatureAlgorithm.java @@ -51,7 +51,7 @@ public enum SignatureAlgorithm { PS384(SignatureAlgorithm.DEF_PS384, AlgorithmFamily.RSA, SignatureAlgorithm.DEF_SHA384WITHRSAANDMGF1, JWSAlgorithm.PS384), PS512(SignatureAlgorithm.DEF_PS512, AlgorithmFamily.RSA, SignatureAlgorithm.DEF_SHA512WITHRSAANDMGF1, JWSAlgorithm.PS512), - EDDSA(SignatureAlgorithm.DEF_EDDDSA, AlgorithmFamily.ED, SignatureAlgorithm.DEF_EDDDSA, EllipticEdvardsCurve.ED_25519, JWSAlgorithm.EdDSA); + EDDSA(SignatureAlgorithm.DEF_EDDDSA, AlgorithmFamily.ED, SignatureAlgorithm.DEF_ED25519, EllipticEdvardsCurve.ED_25519, JWSAlgorithm.EdDSA); public static final String DEF_HS256 = "HS256"; public static final String DEF_HS384 = "HS384"; @@ -70,6 +70,7 @@ public enum SignatureAlgorithm { public static final String DEF_PS384 = "PS384"; public static final String DEF_PS512 = "PS512"; + public static final String DEF_ED25519 = "Ed25519"; public static final String DEF_EDDDSA = "EdDSA"; public static final String DEF_HMACSHA256 = "HMACSHA256"; diff --git a/jans-linux-setup/setup_app/config.py b/jans-linux-setup/setup_app/config.py index 56f5f168c47..78309836309 100644 --- a/jans-linux-setup/setup_app/config.py +++ b/jans-linux-setup/setup_app/config.py @@ -290,7 +290,7 @@ def progress(self, service_name, msg, incr=False): # OpenID key generation default setting self.default_openid_jks_dn_name = 'CN=Jans Auth CA Certificates' - self.default_sig_key_algs = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512 EdDSA' + self.default_sig_key_algs = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512' self.default_enc_key_algs = 'RSA1_5 RSA-OAEP ECDH-ES' self.default_key_expiration = 365 diff --git a/jans-linux-setup/setup_app/installers/jans_auth.py b/jans-linux-setup/setup_app/installers/jans_auth.py index c4597a35518..69a831ba7f9 100644 --- a/jans-linux-setup/setup_app/installers/jans_auth.py +++ b/jans-linux-setup/setup_app/installers/jans_auth.py @@ -65,7 +65,7 @@ def generate_configuration(self): Config.encoded_admin_password = self.ldap_encode(Config.admin_password) self.logIt("Generating OAuth openid keys", pbar=self.service_name) - sig_keys = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512 EdDSA' + sig_keys = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512' enc_keys = 'RSA1_5 RSA-OAEP ECDH-ES' jwks = self.gen_openid_jwks_jks_keys(self.oxauth_openid_jks_fn, Config.oxauth_openid_jks_pass, key_expiration=2, key_algs=sig_keys, enc_keys=enc_keys) self.write_openid_keys(self.oxauth_openid_jwks_fn, jwks) diff --git a/jans-linux-setup/static/scripts/key_regeneration.py b/jans-linux-setup/static/scripts/key_regeneration.py index 5493743ea99..3fe3a32d679 100644 --- a/jans-linux-setup/static/scripts/key_regeneration.py +++ b/jans-linux-setup/static/scripts/key_regeneration.py @@ -31,10 +31,10 @@ oxauth_keys_json_fn = 'jans-keys.json' algs_for_versions = { - '1.0.0': {'sig_keys': 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512 EdDSA', 'enc_keys': 'RSA1_5 RSA-OAEP ECDH-ES'}, + '1.0.0': {'sig_keys': 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512', 'enc_keys': 'RSA1_5 RSA-OAEP ECDH-ES'}, } -sig_keys = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512 EdDSA' +sig_keys = 'RS256 RS384 RS512 ES256 ES256K ES384 ES512 PS256 PS384 PS512' enc_keys = 'RSA1_5 RSA-OAEP ECDH-ES'