/usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg is in pki-ca 10.6.0-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.
visible=false
enable=false
enableBy=admin
name=Manual User Encryption ECC Certificates Enrollment
auth.class_id=
input.list=i1
input.i1.class_id=encKeyGenInputImpl
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=encryptionCertSet
policyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9
policyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.encryptionCertSet.1.constraint.name=Subject Name Constraint
policyset.encryptionCertSet.1.constraint.params.pattern=CN=.*
policyset.encryptionCertSet.1.constraint.params.accept=true
policyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.encryptionCertSet.1.default.name=Subject Name Default
policyset.encryptionCertSet.1.default.params.name=
policyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl
policyset.encryptionCertSet.2.constraint.name=Validity Constraint
policyset.encryptionCertSet.2.constraint.params.range=365
policyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false
policyset.encryptionCertSet.2.constraint.params.notAfterCheck=false
policyset.encryptionCertSet.2.default.class_id=validityDefaultImpl
policyset.encryptionCertSet.2.default.name=Validity Default
policyset.encryptionCertSet.2.default.params.range=180
policyset.encryptionCertSet.2.default.params.startTime=0
policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl
policyset.encryptionCertSet.3.constraint.name=Key Constraint
policyset.encryptionCertSet.3.constraint.params.keyType=EC
policyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521
policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl
policyset.encryptionCertSet.3.default.name=Key Default
policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.4.constraint.name=No Constraint
policyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.encryptionCertSet.4.default.name=Authority Key Identifier Default
policyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.5.constraint.name=No Constraint
policyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.encryptionCertSet.5.default.name=AIA Extension Default
policyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false
policyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1
policyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true
policyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false
policyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false
policyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.encryptionCertSet.6.default.name=Key Usage Default
policyset.encryptionCertSet.6.default.params.keyUsageCritical=true
policyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false
policyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false
policyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false
policyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.7.constraint.name=No Constraint
policyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default
policyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false
policyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.8.constraint.name=No Constraint
policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false
policyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.encryptionCertSet.9.constraint.name=No Constraint
policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.encryptionCertSet.9.default.name=Signing Alg
policyset.encryptionCertSet.9.default.params.signingAlg=-
|