keysize restrictions for keystore | Telit Cinterion IoT Developer Community
February 21, 2018 - 10:19pm, 2673 views
I generated a keystore to add to a EHS6 module. To test, I used the example from the "Java User's Guide". Using the commands provided, I am able to insert the customer ME keystore into the module without any problem. I made another test with a keysize of 4096. I restarted from scratch and recreated a new set of SE and ME keystore and a new SetCustomerKeystore.bin file. I removed the previous ME keystore from the module and tried to install the new ME keystore. With the 4096 keysize, I get an error when trying to add the ME keystore to the module. I get:
^SJMSEC: 2,"wrong command parameter format"
Does the modules handle 4096 keysize?
According to Java User's Guide it should be a key size of 2048 used.
That was not obvious to me that the keysize of 2048 used was an actual limit and not just what was used for the example. Maybe it should be more obvious that 2048 is a limit...
Is that true for all certificates used in the modules? Does that apply to HTTPS client certificates? Because adding a HTTPS client certificate with a 4096 keysize doesn't return an error and the module seems to accept it based on the AT^SJMSEC? command response. However, I have not been able to connect to the server yet and I'm not sure if it's because of the keysize or because of something else in my setup.
I just found out that it is clearly specified in ELSx documentation, but it is not the case in the ESHx documentation...
You are right that for ELS61 there's additional note that makes it more clear.
I can't see the maximum key size for server certificate in the documentation. According to R&D statement I have found it is not restricted.
However currently 2048 is a widely used standard.
Please also note that for certificate verification on the module you need to load the root certificate (of the certification authority) from the certificate chain and not the server certificate.
Thank you. That makes everything more clear.