SSL software is 1. If your
> system default is 2 or higher, that was done by your OS package
> maintainers.
>
>> I see that the API exposes SSL_CTX_get_security_level(); is that the
>> best way to determine minimum RSA key size, or would there be anything
>> more explicit
PI exposes SSL_CTX_get_security_level(); is that the
> best way to determine minimum RSA key size, or would there be anything
> more explicit?
The documentation for that function reads in part:
Level 0
Everything is permitted. This retains compatibility with
previous
pher string the error goes away.
Thank you!
I see that the API exposes SSL_CTX_get_security_level(); is that the best way
to determine minimum RSA key size, or would there be anything more explicit?
cheers,
-Felipe
On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
No such change was made. Perhaps your OS distribution has bumped the
default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or
more). You can l
Hello,
OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key
sizes.
Is the new minimum key size queryable? It appears to be 2,048, but in
the event that that changes again I’d ideally love just to grab that value from
OpenSSL itself rather than hard-coding it.
Pawel Jakub Dawidek wrote:
Hello.
We're trying to get as small RSA private key as possible, because we
are short in space (we want to store it on a smart card, so every byte
is important).
We found a way to cut it a bit by NULLing some pointers inside RSA
structure:
RSA *key;
key->p
Hello.
We're trying to get as small RSA private key as possible, because we
are short in space (we want to store it on a smart card, so every byte
is important).
We found a way to cut it a bit by NULLing some pointers inside RSA
structure:
RSA *key;
key->p = NULL;
key->q
Rich Salz wrote:
why I can't build certificate with one 64 or 128 bits size RSA key?
Because it could be cracked almost immediately. :)
Yes, but what's your point? ;-)
Response to OP, Rich Salz knows at least as much as I do about
this stuff --
Seriously, no smiley here -- independent of recomm
> why I can't build certificate with one 64 or 128 bits size RSA key?
Because it could be cracked almost immediately. :)
You are probably confusing RSA keys (which are 1K 2K or 4K typically)
with DES and RC4.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology
why I can't build certificate with one 64 or 128 bits size RSA key?
--
__
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
__
OpenSSL Proje
Hi,
On a PHP server using SSL my colleague does:
openssl genrsa -des3 -out private_key_file 256
openssl rsa -pubout -in private_key_file -out pub_key_file
then to sign some message data he uses the PHP call:
$digest = mhash(MHASH_MD5, $msg);
and then sign the obtained digest with:
openssl_pr
11 matches
Mail list logo
