SHA-512 encryption support for CA Top Secret.
Is SHA-512 encryption cipher supported by CA Top Secret?
CA Top Secret only supports SHA512 signing algorithm on certificates that are generated with NISTECC or BPECC keys.
Below is a link to the doc:
SIGNALG Keyword—Specify the Certificate Signing Algorithm
Via GSKYYMAN, we were able to generate a certificate with SHA512 and NISTECC private key, and
add the certificate to TSS.
Below is and example TSS LISTing the SHA512 certificate:
DIGICERT = CA ACCESSORID = USER01
ADMIN BY= BY(USER01 ) SMFID(LPAR) ON(08/24/2017) AT(14:30:44)
LABEL = CA
STATUS = TRUST
SERIAL# = 599F1647000775F9
ISSUER DISTINGUISHED NAME:
.CN=NIXON.OU=gov.O=gov.L=EWING.ST=NJ.C=US
SUBJECT DISTINGUISHED NAME:
CN=NIXON.OU=gov.O=gov.L=EWING.ST=NJ.C=US
KEYUSAGE:
HANDSHAKE DOCSIGN CERTSIGN KEYAGREE
PRIVATE KEY SIZE = 521
PRIVATE KEY TYPE = NIST ECC secp521r1
ALGORITHM = ecdsa with SHA-512
NOT BEFORE = 2017/08/24 18:09:11 UTC
NOT AFTER = 2018/08/24 18:09:11 UTC
TSS0300I LIST FUNCTION SUCCESSFUL