[Kimchi-devel] [PATCH] Changes to use 2048 bit public key for self-signed certificate

Mark Wu wudxw at linux.vnet.ibm.com
Fri Apr 25 03:14:35 UTC 2014


After 1/1/2014, 1024 bit keys are no longer considered secure enough
and may not be supported by all browsers, so change to use a 2048 bit
public key.

See Appendix A in this document:
https://www.cabforum.org/Baseline_Requirements_V1.pdf

Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
---
 src/kimchi/sslcert.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/kimchi/sslcert.py b/src/kimchi/sslcert.py
index 37b4961..1ca8502 100644
--- a/src/kimchi/sslcert.py
+++ b/src/kimchi/sslcert.py
@@ -39,7 +39,7 @@ class SSLCert(object):
 
         self.cert = X509.X509()
         pubkey = EVP.PKey()
-        rsa = RSA.gen_key(1024, 65537, keygen_cb)
+        rsa = RSA.gen_key(2048, 65537, keygen_cb)
         pubkey.assign_rsa(rsa)
         self._key = rsa.as_pem(None, callback=passphrase_cb)
         rsa = None
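
Review bot: the key size is still a bare literal in the `RSA.gen_key(2048, 65537, keygen_cb)` call, so the next increase means hunting for the number again. Consider a named module-level constant (for example a hypothetical `RSA_KEY_BITS = 2048`) with a comment pointing at the CA/Browser Forum Baseline Requirements cited in the commit message. The hunk only touches key generation inside SSLCert and does not show whether a certificate already generated with a 1024-bit key is ever replaced, so the commit message should say whether existing installations have to regenerate their certificate to benefit from the change.
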
-- 
1.8.4.2



