From c710aa769834267d4ea7e08e8e9e93dc168eea4a Mon Sep 17 00:00:00 2001
From: Sebastien Vincent
Date: Thu, 20 Dec 2018 13:07:42 +0100
Subject: [PATCH] [protocol] Increases minimum and recommended RSA key size.
---
 fscp.txt | 4 ++--
 libs/freelan/include/freelan/tools.hpp | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fscp.txt b/fscp.txt
index 2603a7c7..78d0e599 100644
--- a/fscp.txt
+++ b/fscp.txt
@@ -112,7 +112,7 @@ Abstract
 satisfy the key usage requirements or if it doesn't support pre-shared key encryption.
- The minimum RSA key size is 1024 bits. The RECOMMENDED RSA key size is 2048
+ The minimum RSA key size is 2048 bits. The RECOMMENDED RSA key size is 3072
 bits or higher, with an exponent of 2^16 + 1. A strict implementation MAY reject PRESENTATION messages with a low RSA key size.
@@ -501,7 +501,7 @@ Abstract
 The underlying hash algorithm is SHA256. The salt len for PSS is the size of the hash digest.
- The minimum key size is 1024. The RECOMMENDED key size is 2048.
+ The minimum key size is 2048. The RECOMMENDED key size is 3072.
 3.3. Key derivation
diff --git a/libs/freelan/include/freelan/tools.hpp b/libs/freelan/include/freelan/tools.hpp
index 37a5c87f..eddd43ac 100644
--- a/libs/freelan/include/freelan/tools.hpp
+++ b/libs/freelan/include/freelan/tools.hpp
@@ -61,11 +61,11 @@ namespace freelan
 /**
 * \brief Generate a private key.
- * \param size The size of the key. Defaults to 2048.
+ * \param size The size of the key. Defaults to 3072.
 * \param prime A prime number to generate the key. Defaults to 17.
 * \return The private key.
 */
- cryptoplus::pkey::pkey generate_private_key(unsigned int size = 2048, unsigned int prime = 17);
+ cryptoplus::pkey::pkey generate_private_key(unsigned int size = 3072, unsigned int prime = 17);
 /**
 * \brief Generate a certificate request.
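Review bot: The changed `generate_private_key` declaration in tools.hpp keeps `prime = 17`, while the fscp.txt text in this same patch recommends keys "with an exponent of 2^16 + 1". If `prime` is the RSA public exponent (the parameter comment suggests it, but the definition is outside this diff), keys generated with the defaults follow the new size recommendation but not the exponent one. Consider `unsigned int size = 3072, unsigned int prime = 65537` with a matching `Defaults to 65537.` in the `\param prime` line, or add a comment explaining why 17 is kept. Separately, nothing visible here rejects a `size` below the new 2048-bit minimum, so the doc line could state the unit and the floor: `\param size The size of the key, in bits. Defaults to 3072; the protocol minimum is 2048.` Whether the definition or the PRESENTATION message handling enforces that floor cannot be told from this patch and is worth confirming.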