
Network device enrollment using elliptic curve keys

Kristofer 151 Reputation points
Jan 29, 2021, 3:48 PM

Does anybody know if someone has successfully implemented NDES/MSSCEP together with EC (Elliptic Curve) keys, hence not RSA keys? Are there any well documented guides out there?
The NDES/MSSCEP service itself must use certificates (the CEP Encryption and Exchange Enrollment Agent certificates) with RSA keys. Does this mean that any certificates for network devices also must use RSA?

I'm using Cisco devices and it is possible to use EC keys but I have not been able to get any device certificates from my NDES/MSSCEP server. At first I had problems even installing the CA certificate but that worked after re-creating the CA using the lowest possible key lengths for both the signature and hash algorithm. (I will have to find out exactly how long keys are possible at a later stage.)

When using RSA keys for the device certificate together with a CA that also uses RSA keys everything just works. And in my ignorance I thought I just had to exchange the RSA keys for EC keys... or I'm missing something. :)
I would really like to move on to the next generation of encryption if it is possible.

Any assistance is appreciated!


Accepted answer
  1. Daisy Zhou 32,416 Reputation points Microsoft External Staff
    Feb 1, 2021, 3:36 AM

    Hello @Kristofer ,

    Thank you for posting here.

    Based on my research, Windows CA supports Elliptic Curve keys; for more information we can refer to the following similar case.

    Does Windows CA support Elliptic Curve keys
    https://social.technet.microsoft.com/Forums/en-US/c16eb8c0-2ca4-4610-847f-5431de871edf/does-windows-ca-support-elliptic-curve-keys?forum=winserversecurity

    However, NDES supports RSA only for in-band device enrollment; for more information, we can refer to the following third-party link.

    No NDES/SCEP. NDES supports RSA only for in-band device enrollment
    There is a new standard called EST (enrollment over secure transport)

    1. IOS and IOS-XE support EST as clients
    2. There’s an open source project called libEST you can use to test.
    3. Cisco ISE as of version 2.2 supports EST

    PKI for Network Engineers (9/?): Elliptic Curve Setup
    https://densemode.com/2017/08/15/pki-for-network-engineers-9-elliptic-curve-setup/

    Understanding Microsoft Cryptographic Service Providers
    https://www.pkisolutions.com/understanding-microsoft-crypto-providers/

    Hope the information above is helpful.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Daisy Zhou


1 additional answer

  1. Chris Hill 201 Reputation points
    Mar 20, 2025, 5:59 PM

    I am not sure the 'accepted' answer by Daisy Zhou is correct. According to Uwe Gradenegger who is a former Microsoft Senior Premier Field Engineer and whose blog is a primary reference for ADCS and PKI, while the CEP Encryption and Exchange Enrollment Agent certificates (Registration Authority) certificates must use the Cryptographic Service Provider, and are hence limited to RSA, the network device certificates themselves can use Elliptic Curve (ECC):

    Network Device Registration Service (NDES), device certificates: Supported. Implemented in PSCertificateEnrollment as of version 1.0.7.

    Plus, in the comments section of the second blog post that Daisy Zhou cited, the author of the blog states that you can use Suite-B (ECC) certificates for end-entities with NDES, just not for the CEP Encryption and Exchange Enrollment Agent certificates (Registration Authority):

    NDES is capable of facilitating end-entity certificates and CAs that are using Suite-B. NDES is just unable to use CNG-based Key Storage Providers (KSP) for its own Signing and Encryption certificates. Thus the NDES server certificates can't be Suite-B. But otherwise the CA and the end-entities can use KSP and Suite-B if you wish.

    So if it's not working it may be Cisco's fault, not NDES.
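
The distinction both answers circle around (an EC key for the device certificate, RSA for the NDES RA certificates) can be checked on the wire before touching the Cisco configuration. The following script is an added example and is not code from the thread, from Microsoft or from Cisco: it builds an EC P-256 device key and a SCEP-style PKCS#10 request carrying the challengePassword attribute that NDES expects, builds an RSA request for contrast, and reports which public-key algorithm each request carries. It assumes the openssl CLI is on PATH; the subject name, the challenge value and the file names are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from the thread, from Microsoft or from Cisco.
# Builds an EC P-256 device key and a SCEP-style PKCS#10 request with a
# challengePassword attribute, plus an RSA request of the kind the NDES RA
# certificates are limited to, and reports the key algorithm of each.
# Assumes the openssl CLI is on PATH. Subject, challenge and file names are
# constructed for this example.
set -eu

WORK="${TMPDIR:-/tmp}/ndes-ec-example.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Request configuration. challengePassword is where a SCEP client places the
# one-time password obtained from the NDES admin page; "ConstructedOTP" is a
# placeholder, not a real NDES challenge.
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
attributes = attrs
[ dn ]
CN = router1.example.test
[ attrs ]
challengePassword = ConstructedOTP
EOF

# Device side: an EC key on prime256v1 (P-256) and a request signed with it.
make_ec_request() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key"
  openssl req -new -config "$WORK/req.cnf" -key "$WORK/ec.key" -out "$WORK/ec.csr"
}

# For contrast: an RSA key, the only type NDES accepts for its own RA certificates.
make_rsa_request() {
  openssl genrsa -out "$WORK/rsa.key" 2048 2>/dev/null
  openssl req -new -config "$WORK/req.cnf" -key "$WORK/rsa.key" -out "$WORK/rsa.csr"
}

# Print EC, RSA or UNKNOWN for the SubjectPublicKeyInfo algorithm in a PKCS#10 file.
csr_key_algorithm() {
  alg=$(openssl req -in "$1" -noout -text | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
  case "$alg" in
    id-ecPublicKey) echo EC ;;
    rsaEncryption)  echo RSA ;;
    *)              echo UNKNOWN ;;
  esac
}

# Exit 0 only if the request carries a challengePassword attribute.
csr_has_challenge() {
  openssl req -in "$1" -noout -text | grep -q challengePassword
}

make_ec_request
make_rsa_request
for f in ec rsa; do
  printf '%s.csr: key=%s challengePassword=%s\n' "$f" \
    "$(csr_key_algorithm "$WORK/$f.csr")" \
    "$(csr_has_challenge "$WORK/$f.csr" && echo present || echo missing)"
done
```

Submitting the EC request to the NDES endpoint through a generic SCEP client, rather than from the router, separates a device-side problem from a server-side one, which is the question the second answer raises; if the EC request enrolls from a workstation but not from the device, the Cisco configuration is the place to look next.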

