Home Similarity Diff BR Diff CS Diff EVG Diff SMIME Diff TLS

Home Show similarity Differences BR (in/out) Differences CS (in/out) Differences EVG (in/out) Differences SMIME (in/out) Differences TLS (in/out)

BR

CS

EVG

SMIME

TLS

BR

### 6.1.5 Key sizes For RSA key pairs the CA SHALL: * Ensure that the modulus size, when encoded, is at least 2048 bits, and; * Ensure that the modulus size, in bits, is evenly divisible by 8. For ECDSA key pairs, the CA SHALL: * Ensure that the key represents a valid point on the NIST P-256, NIST P-384 or NIST P-521 elliptic curve. No other algorithms or key sizes are permitted.

CS

### 6.1.5 Key sizes

EVG

### 6.1.5 Key sizes

SMIME

### 6.1.5 Key sizes For RSA key pairs the CA SHALL: * Ensure that the modulus size, when encoded, is at least 2048 bits; and * Ensure that the modulus size, in bits, is evenly divisible by 8. For ECDSA key pairs, the CA SHALL: * Ensure that the key represents a valid point on the NIST P-256, NIST P-384, or NIST P-521 elliptic curve. For EdDSA key pairs, the CA SHALL: * Ensure that the key represents a valid point on the curve25519 or curve 448 elliptic curve. No other algorithms or key sizes are permitted.

CS

#### 6.1.5.1 Root and Subordinate CA key sizes For Keys corresponding to Root and Subordinate CAs: * If the Key is RSA, then the modulus MUST be at least 4096 bits in length. [^legacy_key_length] * If the Key is ECDSA, then the curve MUST be one of NIST P-256, P-384, or P-521. * If the Key is DSA, then one of the following key parameter options MUST be used: * Key length (`L`) of 2048 bits and modulus length (`N`) of 224 bits * Key length (`L`) of 2048 bits and modulus length (`N`) of 256 bits [^legacy_key_length]: CAs MAY sign Cross-Certificates with Root CA RSA Private Keys whose modulus length is less than 4096 bits, provided that the Cross-Certificate is issued to a Root CA whose Public Key adheres to the key size requirements of this section.

CS

#### 6.1.5.2 Code signing Certificate and Timestamp Authority key sizes For Keys corresponding to Subscriber code signing and Timestamp Authority Certificates: * If the Key is RSA, then the modulus MUST be at least 3072 bits in length. * If the Key is ECDSA, then the curve MUST be one of NIST P-256, P-384, or P-521. * If the Key is DSA, then one of the following key parameter options MUST be used: * Key length (`L`) of 2048 bits and modulus length (`N`) of 224 bits * Key length (`L`) of 2048 bits and modulus length (`N`) of 256 bits