Commit e84b6985 authored by Orne Brocaar's avatar Orne Brocaar

Move from rsa to ecdsa key generation for gw client-certs.

As ecdsa requires shorter keys (with the same level of encryption
protection), this works a lot better on gateways with limited CPU
capacity (like the MiniHub gateway).
parent 82c3d7f4
......@@ -2,8 +2,9 @@ package gateway
import (
......@@ -58,7 +59,7 @@ func GenerateClientCertificate(gatewayID lorawan.EUI64) (time.Time, []byte, []by
KeyUsage: x509.KeyUsageDigitalSignature,
certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
certPrivKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return time.Time{}, nil, nil, nil, errors.Wrap(err, "generate key error")
......@@ -82,10 +83,15 @@ func GenerateClientCertificate(gatewayID lorawan.EUI64) (time.Time, []byte, []by
Bytes: certBytes,
b, err := x509.MarshalECPrivateKey(certPrivKey)
if err != nil {
return time.Time{}, nil, nil, nil, errors.Wrap(err, "create certificate error")
certPrivKeyPEM := new(bytes.Buffer)
pem.Encode(certPrivKeyPEM, &pem.Block{
Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
Bytes: b,
return expiresAt, caCertB, certPEM.Bytes(), certPrivKeyPEM.Bytes(), nil
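Review bot: The `pem.Block` that now carries the output of `x509.MarshalECPrivateKey` needs a matching label, and its `Type:` line is not visible in the last hunk, so I cannot confirm it was updated. If it still carries the label used for the PKCS#1 encoding, strict PEM parsers on the gateway side may reject the key, since SEC 1 DER from `MarshalECPrivateKey` is conventionally labelled `Type: "EC PRIVATE KEY",`. Separately, the new error path after `MarshalECPrivateKey` wraps with "create certificate error", which misreports the failing step; `errors.Wrap(err, "marshal private key error")` would be clearer. The body of `GenerateClientCertificate` starts and continues outside the hunks shown, so both points should be checked against the full function.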
