Home GnuPG

cipher: Allow generation of RSA keys > 2k

Description

cipher: Allow generation of RSA keys > 2k

  • cipher/rsa.c (generate_fips): Allow any larger key than 2k in FIPS mode. --

The NIST.SP.800-131Ar2, Table 2 explicitly mentions the approved RSA
sizes to be:

len(n) ≥ 2048 to be

On the other hand, older standard NIST.FIPS.186-4, section 5.1 describes
only 1024, 2048 and 3072 bits sizes and Federal government shall used
one of these.

But the NIST.FIPS.186-5 draft already clarified that

This standard specifies the use of a modulus whose bit length is an
even integer and greater than or equal to 2048 bits.

  • GnuPG-bug-id: T5645
  • Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Details

Provenance
JakujeAuthored on Mon, Oct 4, 5:01 PM
gniibeCommitted on Thu, Oct 14, 8:45 AM
Parents
rC10e02b90f65f: build: Support specifying HMAC key by --enable-hmac-binary-check.
Branches
Unknown
Tags
Unknown
Tasks
T5645: RSA/DSA keygen modification for FIPS/ACVP testing