Bug 888931

Summary: Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit
Product: Red Hat OpenStack Reporter: Yaniv Kaul <ykaul>
Component: openstack-novaAssignee: Zane Bitter <zbitter>
Status: CLOSED ERRATA QA Contact: Yaniv Kaul <ykaul>
Severity: high Docs Contact:
Priority: unspecified    
Version: 2.0 (Folsom)CC: jkt, nmagnezi, zbitter
Target Milestone: snapshot2Keywords: FutureFeature, Triaged
Target Release: 2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-nova-2012.2.2-9.el6ost Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-14 13:24:06 EST Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Yaniv Kaul 2012-12-19 14:50:13 EST
Description of problem:
I'm pretty sure it should move to 2048 bits.
See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf


This is what I'm getting in Horizon when creating a key:
Private RSA Key
Strength: 1024 bits

Algorithm:	RSA
Size:	1024
Fingerprints
SHA1:	35 EB 77 C2 09 C1 7D 0B EC C4 4C A9 5F C6 B8 F5 A2 43 73 5C
SHA256:	89 6A EC 60 7F 2F C1 1B 72 4A E8 6B EA EE 85 23 C9 3A 08 C7 FA 38 CF 89 55 A4 81 A2 62 C6 6D 07


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 8 Nir Magnezi 2013-02-04 01:17:53 EST
Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch

Created a new Key via Horizon (named a1.pem):

a1.pem
Private RSA Key
Strength: 2048 bits

Algorithm:	RSA
Size:	2048
Fingerprints
SHA1:	4A 89 C8 3E BF D0 67 DA B8 D1 D2 C8 09 55 AE EB E5 0A A2 1F
SHA256:	28 3F 26 4D 32 2C 66 95 C8 35 A4 7A B3 8F B5 E5 3E 61 0E C2 B1 F3 2F 06 0E 7C 66 D4 29 73 B3 E2

You may check this via CLI:

# openssl rsa -in a1.pem -text -noout
Private-Key: (2048 bit)
Comment 9 Yaniv Kaul 2013-02-04 02:22:35 EST
(In reply to comment #8)
> Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> 
> Created a new Key via Horizon (named a1.pem):
> 
> a1.pem
> Private RSA Key
> Strength: 2048 bits

Please verify the corresponding public key placed in the VM is also 2K in length.
Comment 10 Nir Magnezi 2013-02-05 05:47:23 EST
(In reply to comment #9)
> (In reply to comment #8)
> > Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> > 
> > Created a new Key via Horizon (named a1.pem):
> > 
> > a1.pem
> > Private RSA Key
> > Strength: 2048 bits
> 
> Please verify the corresponding public key placed in the VM is also 2K in
> length.

I verified that as well.
Comment 12 errata-xmlrpc 2013-02-14 13:24:06 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0260.html