You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue was migrated from Pagure Issue #3097.Originally filed by cheimes on 2019-04-17
The feature request is related to IPA ticket https://pagure.io/freeipa/issue/6790 . In IPA we like to support 3072bit RSA keys. 3072 is a good compromise between performance and security for keys with a life time beyond 2030. NIST Special Publication 800-57 Part 3 Revision 1 recommends 3072bit RSA for these keys. 3072 bit RSA keys have about the same strength as 128bit symmetric encryption.
Alexander and I skimmed through Dogtag's code and found a couple of places that either have very weak minimums or seem to hard code a list of expected RSA key sizes without 3072. We are not sure if any of these places actually prohibit RSA 3072 keys. Please take a look:
Simple test of clones associated with a pki instance.
Testing is predicated on locating within the given instance a CA security domain subsystem.
From there the security domain is consulted for a list of cloned subsystems.
Each clone found is checked in a simple fashion for a connectivity and for simple data,
when appropriate. For now the OCSP , TKS, and TPS clones are checked for connectivity.
Another caveat: Originally I wanted to pair up each discoverd clone with it's master and compare data
within the CA and KRA to match them up. This round I was nota able to easily figure out this mapping, so for
now the actual clones are tested.
Simple command line to run the test directly:
pki-healthcheck --debug --source pki.server.healthcheck.clones.connectivity_and_data --check ClonesConnectivyAndDataCheck
The test reaches out provides a result for each group of ca, kra, ocsp, tps, and tks clones.
Note that we have issues with tps and ocsp clones at this point.
Co-authored-by: Jack Magne <jmagne@localhost.localdomain>
This issue was migrated from Pagure Issue #3097.Originally filed by cheimes on 2019-04-17
The feature request is related to IPA ticket https://pagure.io/freeipa/issue/6790 . In IPA we like to support 3072bit RSA keys. 3072 is a good compromise between performance and security for keys with a life time beyond 2030. NIST Special Publication 800-57 Part 3 Revision 1 recommends 3072bit RSA for these keys. 3072 bit RSA keys have about the same strength as 128bit symmetric encryption.
Alexander and I skimmed through Dogtag's code and found a couple of places that either have very weak minimums or seem to hard code a list of expected RSA key sizes without 3072. We are not sure if any of these places actually prohibit RSA 3072 keys. Please take a look:
CS.cfg contains
Various preop keysizes like
preop.cert.audit_signing.keysize.size
are hard-coded to 2048.LWCA hard-codes 2048 in https://github.com/dogtagpki/pki/blob/8215e8205f19961d8fb1cb4b98c807e2f7e19917/base/ca/src/com/netscape/ca/CertificateAuthority.java#L2859-L2864, also see ticket https://pagure.io/dogtagpki/issue/1589
HTTPInput checks key size and does not contain 3072, https://github.com/dogtagpki/pki/blob/master/base/common/src/com/netscape/certsrv/util/HttpInput.java#L139-L148
The text was updated successfully, but these errors were encountered: