Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Community Manager
1,644 Views

AMT Management Cert 4096-bit key lengths - which versions?

Hi,

I have seen references (such as in /message/110942# 110942 this thread) which indicate that some versions of AMT support 4096-bit public keys in the management certificate trust path. However I am unable to find any official documentation stating that this is the case, our outlining the versions in which this functionality became available.

Does anyone know where I can find this information? Help would be very much appreciated.

Cheers,

Shaw

0 Kudos
6 Replies
Highlighted
Community Manager
8 Views

Hi Shaw,

I will find out what versions support the 4096 bit keys and let you know.

thanks!

 

Josh
0 Kudos
Highlighted
Community Manager
8 Views

Thanks Josh, that would be great.

Cheers,

Shaw

0 Kudos
Highlighted
Community Manager
8 Views

Hi Shaw,

I am still working to get a good Matrix of Cert size support, but in the meantime:

The latest versions of Intel AMT firmware (2.2.10, 2.6.20, 3.2.10, 4.2.0, 5.1.10, 6.0 or later) support 4096-bit key length for root and intermediate certificates.

The last certificate in the chain, the certificate stored in the Intel AMT certificate store, must have a 2048-bit key length.

The root certificate cannot exceed a length of 1500 bytes.

Again, I will try and get a matrix that shows this info.

hope this helps!

Josh

0 Kudos
Highlighted
Community Manager
8 Views

Thanks very much Josh. It's good to have some certainty that the latest AMT versions do support the 4096-bit keys.

The matrix you are working on will be helpful as well in planning the effort required to upgrade our PC fleet to compatible AMT versions.

Cheers,

Shaw

0 Kudos
Highlighted
Community Manager
8 Views

Hi Josh,

Did you have any luck putting that Matrix together?

Regards,

Shaw

0 Kudos
Highlighted
Community Manager
8 Views

(bump)

Would love to see that matrix . . . .

0 Kudos