[gnutls-devel] GnuTLS | Draft: Adjust RSA key size restrictions (!1624)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Aug 5 18:50:37 CEST 2022

Alexander Sosedkin commented:

certtool --generate-privkey --bits 1023 --outfile /tmp/key
cat > /tmp/tmpl <<EOF
cn = RSA 1023
certtool --generate-self-signed --template /tmp/tmpl --load-privkey /tmp/key --outfile /tmp/crt
certtool --p7-detached-sign --load-privkey /tmp/key --load-certificate /tmp/crt --infile tests/cert-tests/data/pkcs7-detached.txt > /tmp/sig
build/src/certtool --p7-verify --load-privkey /tmp/key --load-certificate /tmp/crt --load-data tests/cert-tests/data/pkcs7-detached.txt --infile /tmp/sig

eContent Type: 1.2.840.113549.1.7.1
        Signer's issuer DN: CN=RSA 1023
        Signer's serial: 7b9278add8f8883723075f1c21b6b6b777bb28af
        Signature Algorithm: RSA-SHA256

        Signature status: ok

I expected this to be blocked.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1624#note_1052636443
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220805/ed09379a/attachment.html>

More information about the Gnutls-devel mailing list