weak RSA keys should not be usable #2715

Closed
tomholub opened this issue Apr 1, 2020 · 0 comments · Fixed by #3338
Labels
actionable PGP or S/MIME requires knowledge of spec internals security
Collaborator

tomholub commented Apr 1, 2020

Public keys that have an RSA primary key smaller than 2048 bits should always have usableForEncryption and usableForSigning be false.

Similarly, when parsing a public key, any subkeys that use an RSA key smaller than 2048 should not be taken into account. (not sure how to do this)

2048-bit will therefore be the minimum required strength for RSA.
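One way to express the policy described in the comment above, as an added example that is not part of the issue or of the project's code. The types `KeyPart`, `ParsedKey` and `KeyVerdict`, the functions, and the idea of deriving usability from per-part capability flags are assumptions made for illustration; only `usableForEncryption`, `usableForSigning` and the 2048-bit minimum come from the issue.

```typescript
// Added example, not the project's code. KeyPart, ParsedKey, evaluateKey are hypothetical names.
const MIN_RSA_BITS = 2048; // minimum RSA strength stated in the issue

interface KeyPart {
  algo: 'rsa' | 'other';   // only RSA is size-checked here
  modulus?: Uint8Array;    // big-endian RSA modulus n (when algo is 'rsa')
  canSign: boolean;        // capability flags as reported by the key parser
  canEncrypt: boolean;
}
interface ParsedKey { primary: KeyPart; subkeys: KeyPart[]; }
interface KeyVerdict { usableForEncryption: boolean; usableForSigning: boolean; ignoredSubkeys: number; }

// Measure the bit length from the modulus bytes, so leading zero
// padding cannot make a short modulus look longer than it is.
function rsaBitLength(modulus: Uint8Array): number {
  let i = 0;
  while (i < modulus.length && modulus[i] === 0) i++;
  if (i === modulus.length) return 0;
  let bits = (modulus.length - i - 1) * 8;
  for (let top = modulus[i] as number; top > 0; top >>= 1) bits++;
  return bits;
}

function isWeakRsa(part: KeyPart): boolean {
  if (part.algo !== 'rsa') return false;
  // An RSA part without a modulus cannot be measured: treat it as weak.
  return !part.modulus || rsaBitLength(part.modulus) < MIN_RSA_BITS;
}

function evaluateKey(key: ParsedKey): KeyVerdict {
  const strong = key.subkeys.filter(sk => !isWeakRsa(sk));
  const ignoredSubkeys = key.subkeys.length - strong.length;
  if (isWeakRsa(key.primary)) {
    // Weak primary: nothing under it is usable, whatever the subkeys are.
    return { usableForEncryption: false, usableForSigning: false, ignoredSubkeys };
  }
  const parts = [key.primary, ...strong];
  return {
    usableForEncryption: parts.some(p => p.canEncrypt),
    usableForSigning: parts.some(p => p.canSign),
    ignoredSubkeys,
  };
}

// Constructed sample modulus (not a real key): only the top bit is set.
function sampleModulus(bits: number, padBytes = 0): Uint8Array {
  const m = new Uint8Array(padBytes + Math.ceil(bits / 8));
  m[padBytes] = 1 << ((bits - 1) % 8);
  return m;
}
```

A 2048-bit signing primary with only a 1024-bit encryption subkey comes out as usable for signing but not for encryption, because the weak subkey is dropped before capabilities are evaluated.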

@tomholub tomholub added this to the 7.7.7: Code maintenance milestone Apr 1, 2020
@tomholub tomholub self-assigned this Apr 1, 2020
@tomholub tomholub changed the title OrgRule to disable weaker algorithms disable_algos OrgRule: for weak algorithms Sep 26, 2020
@tomholub tomholub removed their assignment Oct 5, 2020
@tomholub tomholub added the PGP or S/MIME requires knowledge of spec internals label Oct 10, 2020
@tomholub tomholub modified the milestones: 7.9.9, First priority Oct 29, 2020
@tomholub tomholub changed the title disable_algos OrgRule: for weak algorithms disable weak algos Jan 18, 2021
@tomholub tomholub changed the title disable weak algos whitelist allowed algorithms Jan 18, 2021
@tomholub tomholub changed the title whitelist allowed algorithms blacklist weak algorithms Jan 18, 2021
@tomholub tomholub changed the title blacklist weak algorithms weak RSA keys should not be usable Jan 18, 2021
tomholub pushed a commit that referenced this issue Feb 6, 2021
* Invalidate RSA keys less than 2048 bits

* tslint fix

* updated expiredPubKey to 2048-bit so the test 'compose - expired can still send' passes

* Modified keys for existing tests to fit RSA 2048 requirement

* Secure PK and insecure SK test and diagnostics

* moved armoring out of the background

* moved armoring out of the background 2

* moved armoring out of the background 3

* introduced rawKey and rawArmored fields of Key

* restored ContactStore

* PK 2048/RSA and SK 1024/RSA parse unencrypted and decrypt tests

* renamed methods and fields

* added comment

* removed weak keys from S/MIME certificate
@tomholub tomholub modified the milestones: First priority, unversioned Nov 9, 2021