[gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Aug 5 18:50:37 CEST 2022




Alexander Sosedkin commented:


```
# Generate a 1023-bit RSA private key
certtool --generate-privkey --bits 1023 --outfile /tmp/key
# Minimal template for a self-signed CA certificate
cat > /tmp/tmpl <<EOF
ca
cn = RSA 1023
EOF
certtool --generate-self-signed --template /tmp/tmpl --load-privkey /tmp/key --outfile /tmp/crt
# Create a detached PKCS#7 signature with the 1023-bit key
certtool --p7-detached-sign --load-privkey /tmp/key --load-certificate /tmp/crt --infile tests/cert-tests/data/pkcs7-detached.txt > /tmp/sig
# Verify the signature with the locally built certtool (build/src/certtool)
build/src/certtool --p7-verify --load-privkey /tmp/key --load-certificate /tmp/crt --load-data tests/cert-tests/data/pkcs7-detached.txt --infile /tmp/sig
```

```
eContent Type: 1.2.840.113549.1.7.1
Signers:
        Signer's issuer DN: CN=RSA 1023
        Signer's serial: 7b9278add8f8883723075f1c21b6b6b777bb28af
        Signature Algorithm: RSA-SHA256

        Signature status: ok
```

I expected this to be blocked.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1052636443