This article describes how to set up Elliptic Curve Cryptography (ECC) encoding in Smart ID Identity Manager.
For more information, see Set up card encoding description template in Identity Manager.
 Prerequisites
- The type of the created keys is coded into the KeySize property. Supported curves are limited by Bouncy Castle, the PKCS#11 middleware, and the certificate authority.Â
- Supported CAs:
- Smart ID Certificate Manager
- EJBCA
- QuoVadis
- D-Trust
- Supported middlewares:
 Set up elliptic curve cryptography encoding
Edit the encoding description in which you want to use ECC and do the following:
- Use the KeySize property to code the type of the created keys. Set the value to ECC/ plus a curve name, for example,
KeySize=ECC/prime256v1.
- Specify a suitable
PKCS10SigningAlgorithm
supported by the given card/middleware combination. Preferably, choose a SHA-2-based algorithm. SHA1_ECDSA should be used only if better options are unavailable.
 Example: ECC encodings
[Application_A]
CertTempl=SigCert
KeySize=ECC/prime256v1
PKCS10SigningAlgorithm=SHA256_ECDSA
[Application_B]
CertTempl=AuthCert
KeySize=ECC/brainpoolP256r1
PKCS10SigningAlgorithm=SHA256_ECDSA