Community
cancel
Showing results for 
Search instead for 
Did you mean: 
idata
Community Manager
1,711 Views

AMT Management Cert 4096-bit key lengths - which versions?

Hi,

I have seen references (such as in /message/110942# 110942 this thread) which indicate that some versions of AMT support 4096-bit public keys in the management certificate trust path. However I am unable to find any official documentation stating that this is the case, our outlining the versions in which this functionality became available.

Does anyone know where I can find this information? Help would be very much appreciated.

Cheers,

Shaw

0 Kudos
6 Replies
idata
Community Manager
75 Views

Hi Shaw,

I will find out what versions support the 4096 bit keys and let you know.

thanks!

 

Josh
idata
Community Manager
75 Views

Thanks Josh, that would be great.

Cheers,

Shaw

idata
Community Manager
75 Views

Hi Shaw,

I am still working to get a good Matrix of Cert size support, but in the meantime:

The latest versions of Intel AMT firmware (2.2.10, 2.6.20, 3.2.10, 4.2.0, 5.1.10, 6.0 or later) support 4096-bit key length for root and intermediate certificates.

The last certificate in the chain, the certificate stored in the Intel AMT certificate store, must have a 2048-bit key length.

The root certificate cannot exceed a length of 1500 bytes.

Again, I will try and get a matrix that shows this info.

hope this helps!

Josh

idata
Community Manager
75 Views

Thanks very much Josh. It's good to have some certainty that the latest AMT versions do support the 4096-bit keys.

The matrix you are working on will be helpful as well in planning the effort required to upgrade our PC fleet to compatible AMT versions.

Cheers,

Shaw

idata
Community Manager
75 Views

Hi Josh,

Did you have any luck putting that Matrix together?

Regards,

Shaw

idata
Community Manager
75 Views

(bump)

Would love to see that matrix . . . .

Reply