cipher: Allow generation of RSA keys > 2k

Description

  • cipher/rsa.c (generate_fips): Allow any larger key than 2k in FIPS mode.

--

The NIST.SP.800-131Ar2, Table 2 explicitly mentions the approved RSA
sizes to be:

len(n) ≥ 2048 to be

On the other hand, the older standard NIST.FIPS.186-4, section 5.1, describes
only 1024, 2048 and 3072 bit sizes, and the Federal government shall use
one of these.

But the NIST.FIPS.186-5 draft already clarified that

This standard specifies the use of a modulus whose bit length is an
even integer and greater than or equal to 2048 bits.

  • GnuPG-bug-id: T5645
  • Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Details

Provenance
Jakuje Authored on Oct 4 2021, 5:01 PM
gniibe Committed on Oct 14 2021, 8:45 AM
Parents
rC10e02b90f65f: build: Support specifying HMAC key by --enable-hmac-binary-check.
Tasks
T5645: RSA/DSA keygen modification for FIPS/ACVP testing