update API comments

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>

deploy/crds/crd-certificates.yaml

@@ -154,7 +154,7 @@ spec:
                         - passwordSecretRef
                       properties:
                         algorithms:
-                          description: "Algorithms are specifying the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. \n If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure, used for maximal compatibility. `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret."
+                          description: "Algorithms are specifying the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. \n If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret."
                           type: string
                           enum:
                             - LegacyRC2

internal/apis/certmanager/types_certificate.go

@@ -416,8 +416,10 @@ type PKCS12Keystore struct {
 	//
 	// If provided, allowed values are:
 	// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
-	// `LegacyDES`: Less secure, used for maximal compatibility.
-	// `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret.
+	// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
+	// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
+	// (eg. because of company policy). Please note that the security of the algorithm is not that important
+	// in reality, because the unencrypted certificate and private key are also stored in the Secret.
 	Algorithms PKCS12Algorithms
 }
 

internal/apis/certmanager/v1alpha2/types_certificate.go

@@ -338,8 +338,10 @@ type PKCS12Keystore struct {
 	//
 	// If provided, allowed values are:
 	// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
-	// `LegacyDES`: Less secure, used for maximal compatibility.
-	// `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret.
+	// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
+	// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
+	// (eg. because of company policy). Please note that the security of the algorithm is not that important
+	// in reality, because the unencrypted certificate and private key are also stored in the Secret.
 	// +optional
 	Algorithms PKCS12Algorithms `json:"algorithms,omitempty"`
 }

internal/apis/certmanager/v1alpha3/types_certificate.go

@@ -346,8 +346,10 @@ type PKCS12Keystore struct {
 	//
 	// If provided, allowed values are:
 	// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
-	// `LegacyDES`: Less secure, used for maximal compatibility.
-	// `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret.
+	// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
+	// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
+	// (eg. because of company policy). Please note that the security of the algorithm is not that important
+	// in reality, because the unencrypted certificate and private key are also stored in the Secret.
 	// +optional
 	Algorithms PKCS12Algorithms `json:"algorithms,omitempty"`
 }

internal/apis/certmanager/v1beta1/types_certificate.go

@@ -343,8 +343,10 @@ type PKCS12Keystore struct {
 	//
 	// If provided, allowed values are:
 	// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
-	// `LegacyDES`: Less secure, used for maximal compatibility.
-	// `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret.
+	// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
+	// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
+	// (eg. because of company policy). Please note that the security of the algorithm is not that important
+	// in reality, because the unencrypted certificate and private key are also stored in the Secret.
 	// +optional
 	Algorithms PKCS12Algorithms `json:"algorithms,omitempty"`
 }

pkg/apis/certmanager/v1/types_certificate.go

@@ -467,8 +467,10 @@ type PKCS12Keystore struct {
 	//
 	// If provided, allowed values are:
 	// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
-	// `LegacyDES`: Less secure, used for maximal compatibility.
-	// `Modern2023`: Preferred for security, used when indicated by policy. PEM format also stored in Secret.
+	// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
+	// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
+	// (eg. because of company policy). Please note that the security of the algorithm is not that important
+	// in reality, because the unencrypted certificate and private key are also stored in the Secret.
 	// +optional
 	Algorithms PKCS12Algorithms `json:"algorithms,omitempty"`
 }