NIST: increase RSA key length to 2048 bit

According to NIST 800-131A, RSA key lenght for digital signature must >= 2048 bit. Now we use 1024 bit key to generate x509 cert file. Need to increase the key length to 2048 bit. Change-Id: I59f614b5d8a79f9e0a96503867cfca176be5c757 Closes-Bug: 1369487
2014-09-15 18:08:51 +08:00
parent 84da73d662
commit 3957d3bed8
1 changed files with 1 additions and 1 deletions
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -322,7 +322,7 @@ def _user_cert_subject(user_id, project_id):
    return CONF.user_cert_subject % (project_id, user_id, timeutils.isotime())


-def generate_x509_cert(user_id, project_id, bits=1024):
+def generate_x509_cert(user_id, project_id, bits=2048):
    """Generate and sign a cert for user in project."""
    subject = _user_cert_subject(user_id, project_id)