How to create an Account Key?

I can’t seem to find any good info on generating an Account Key.

Some libraries look to use a 2048 RSA private key, others 4096. Are there any recommendations right now?

1 Like

The ACME RFC 8555 allows for multiple kinds of account keys, even non-RSA algorithms. So it depends on what Boulder accepts (I don’t know) and what you need: more security, which needs more CPU power to compute all the signatures, or is 2048 bits just fine, which will need less CPU power compared to 4096 bits. Or try EdDSA!

2 Likes

Last I checked (which was quite a while ago), I’m pretty sure Boulder supported RSA keys anywhere between 2048-4096 bits. Though some crypto libraries are limited to certain multiples within that range rather than any number. It also supports ECC keys using the NIST curves P-256 or P-384.

3 Likes

Yes, with some additional restrictions (e.g. the RSA modulus' bit size must be divisible by 8).

1 Like

Obviously @cpu wanted to write that the key's bit size must be divisible by 8. An RSA modulus can never be divisible by 8 (and not even by 2 if you actually want some security). :slight_smile:

3 Likes

Yes! Thanks for fixing my mistake :slight_smile:

1 Like
