[PATCH] Changes to use 2048 bit public key for self-signed certificate
After 1/1/2014, 1024 bit keys are no longer considered secure enough and may not be supported by all browsers. So changes to use 2048 bit public key. See Appendix A in this document: https://www.cabforum.org/Baseline_Requirements_V1.pdf Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> --- src/kimchi/sslcert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/kimchi/sslcert.py b/src/kimchi/sslcert.py index 37b4961..1ca8502 100644 --- a/src/kimchi/sslcert.py +++ b/src/kimchi/sslcert.py @@ -39,7 +39,7 @@ class SSLCert(object): self.cert = X509.X509() pubkey = EVP.PKey() - rsa = RSA.gen_key(1024, 65537, keygen_cb) + rsa = RSA.gen_key(2048, 65537, keygen_cb) pubkey.assign_rsa(rsa) self._key = rsa.as_pem(None, callback=passphrase_cb) rsa = None -- 1.8.4.2
-- Reviewed-by: Paulo Vital <pvital@linux.vnet.ibm.com> On Fri, 2014-04-25 at 11:14 +0800, Mark Wu wrote:
After 1/1/2014, 1024 bit keys are no longer considered secure enough and may not be supported by all browsers. So changes to use 2048 bit public key.
See Appendix A in this document: https://www.cabforum.org/Baseline_Requirements_V1.pdf
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com> --- src/kimchi/sslcert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kimchi/sslcert.py b/src/kimchi/sslcert.py index 37b4961..1ca8502 100644 --- a/src/kimchi/sslcert.py +++ b/src/kimchi/sslcert.py @@ -39,7 +39,7 @@ class SSLCert(object):
self.cert = X509.X509() pubkey = EVP.PKey() - rsa = RSA.gen_key(1024, 65537, keygen_cb) + rsa = RSA.gen_key(2048, 65537, keygen_cb) pubkey.assign_rsa(rsa) self._key = rsa.as_pem(None, callback=passphrase_cb) rsa = None
Reviewed-by: Crístian Viana <vianac@linux.vnet.ibm.com> On 25-04-2014 00:14, Mark Wu wrote:
After 1/1/2014, 1024 bit keys are no longer considered secure enough and may not be supported by all browsers. So changes to use 2048 bit public key.
See Appendix A in this document: https://www.cabforum.org/Baseline_Requirements_V1.pdf
Signed-off-by: Mark Wu <wudxw@linux.vnet.ibm.com>
Applied. Thanks. Regards, Aline Manera
participants (4)
-
Aline Manera -
Crístian Viana -
Mark Wu -
Paulo Ricardo Paz Vital