[Kimchi-devel] [PATCH] Changes to use 2048 bit public key for self-signed certificate
Paulo Ricardo Paz Vital
pvital at linux.vnet.ibm.com
Fri Apr 25 13:31:31 UTC 2014
--
Reviewed-by: Paulo Vital <pvital at linux.vnet.ibm.com>
On Fri, 2014-04-25 at 11:14 +0800, Mark Wu wrote:
> After 1/1/2014, 1024 bit keys are no longer considered secure enough
> and may not be supported by all browsers. So changes to use 2048 bit
> public key.
>
> See Appendix A in this document:
> https://www.cabforum.org/Baseline_Requirements_V1.pdf
>
> Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
> ---
> src/kimchi/sslcert.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/kimchi/sslcert.py b/src/kimchi/sslcert.py
> index 37b4961..1ca8502 100644
> --- a/src/kimchi/sslcert.py
> +++ b/src/kimchi/sslcert.py
> @@ -39,7 +39,7 @@ class SSLCert(object):
>
> self.cert = X509.X509()
> pubkey = EVP.PKey()
> - rsa = RSA.gen_key(1024, 65537, keygen_cb)
> + rsa = RSA.gen_key(2048, 65537, keygen_cb)
> pubkey.assign_rsa(rsa)
> self._key = rsa.as_pem(None, callback=passphrase_cb)
> rsa = None
More information about the Kimchi-devel
mailing list