Change all keygen code to use 2048 bit key instead of 1024

GENI-NSF · Aug 17, 2018 · 07044df · 07044df
1 parent 274f644
commit 07044df
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 6 deletions.
diff --git a/bin/geni-init-ca b/bin/geni-init-ca
@@ -124,7 +124,7 @@ def init_ca(config, options):
     cmd = ['/usr/bin/openssl', 'req', '-x509', '-nodes',
            '-days', '1825',
            '-subj', '/CN=%s' % (config.authority),
-           '-newkey', 'rsa:1024',
+           '-newkey', 'rsa:2048',
            '-keyout', config.key,
            '-out', config.cert,
            '-config', ca_conf,

diff --git a/bin/geni-init-services b/bin/geni-init-services
@@ -236,7 +236,7 @@ def init_ca(config, options):
     cmd = ['/usr/bin/openssl', 'req', '-x509', '-nodes',
            '-days', '1825',
            '-subj', '/CN=%s' % (config.authority),
-           '-newkey', 'rsa:1024',
+           '-newkey', 'rsa:2048',
            '-keyout', config.key,
            '-out', config.cert,
            '-config', ca_conf,

diff --git a/bin/init-ca b/bin/init-ca
@@ -32,7 +32,7 @@ EOF
 
 # Create the root certificate
 /usr/bin/openssl req -x509 -nodes -days 365 -subj "/CN=${FQDN}" \
-                     -newkey rsa:1024 -keyout "${CAKEY}" -out "${CACERT}" \
+                     -newkey rsa:2048 -keyout "${CAKEY}" -out "${CACERT}" \
                      -config "${EXT_FILE}" -extensions "${EXT_NAME}"
 
 /bin/rm "${EXT_FILE}"
diff --git a/bin/mk-auth-req b/bin/mk-auth-req
@@ -16,7 +16,7 @@ OPENSSL=/usr/bin/openssl
 UUID=`/usr/bin/uuidgen -t`
 SUBJECT="/O=${SHORT_HOST}/OU=authority/OU=${AUTHORITY}/CN=${UUID}/emailAddress=${EMAIL}"
 
-"${OPENSSL}" req -new -newkey rsa:1024 -nodes \
+"${OPENSSL}" req -new -newkey rsa:2048 -nodes \
                  -subj "${SUBJECT}" \
                  -keyout "${KEYFILE}" \
                  -out "${REQFILE}"

diff --git a/templates/openssl.cnf.tmpl b/templates/openssl.cnf.tmpl
@@ -98,7 +98,7 @@ emailAddress		= optional
 
 ####################################################################
 [ req ]
-default_bits		= 1024
+default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes

diff --git a/tools/cert_utils.py b/tools/cert_utils.py
@@ -125,7 +125,7 @@ def make_csr():
     (key_fd, key_file) = tempfile.mkstemp()
     os.close(key_fd)
     csr_request_args = ['/usr/bin/openssl', 'req', '-new', \
-                            '-newkey', 'rsa:1024', \
+                            '-newkey', 'rsa:2048', \
                             '-nodes', \
                             '-keyout', key_file, \
                             '-out', csr_file, '-batch']