Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-3057

Optional support for ECDSA signatures

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Duplicate Issue
    • Affects Version/s: 1.9.5.Final
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      I wonder if we should add support for ECDSA based signatures as an alternative to RSA? Just went through some interesting blog [1] , which mentions that 256-bits ECDSA has around 9.5 times better performance of signature generation than 2048-bits RSA. The time of signature verification seems to be slightly worse for ECDSA (see second comment), however there is also increased security (256-ECDSA is equivalient of 3248 RSA according to blog).

      [1] https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              mposolda@redhat.com Marek Posolda
              Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: