Bug 888931 - Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit
Summary: Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 2.0 (Folsom)
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: snapshot2
: 2.1
Assignee: Zane Bitter
QA Contact: Yaniv Kaul
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-12-19 19:50 UTC by Yaniv Kaul
Modified: 2019-09-10 14:09 UTC (History)
2 users (show)

Fixed In Version: openstack-nova-2012.2.2-9.el6ost
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-14 18:24:06 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 20266 0 None None None Never
Red Hat Product Errata RHBA-2013:0260 0 normal SHIPPED_LIVE Red Hat OpenStack 2.0 (Folsom) Preview bug fix and enhancement update 2013-02-14 23:21:02 UTC

Description Yaniv Kaul 2012-12-19 19:50:13 UTC
Description of problem:
I'm pretty sure it should move to 2048 bits.
See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf


This is what I'm getting in Horizon when creating a key:
Private RSA Key
Strength: 1024 bits

Algorithm:	RSA
Size:	1024
Fingerprints
SHA1:	35 EB 77 C2 09 C1 7D 0B EC C4 4C A9 5F C6 B8 F5 A2 43 73 5C
SHA256:	89 6A EC 60 7F 2F C1 1B 72 4A E8 6B EA EE 85 23 C9 3A 08 C7 FA 38 CF 89 55 A4 81 A2 62 C6 6D 07


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 8 Nir Magnezi 2013-02-04 06:17:53 UTC
Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch

Created a new Key via Horizon (named a1.pem):

a1.pem
Private RSA Key
Strength: 2048 bits

Algorithm:	RSA
Size:	2048
Fingerprints
SHA1:	4A 89 C8 3E BF D0 67 DA B8 D1 D2 C8 09 55 AE EB E5 0A A2 1F
SHA256:	28 3F 26 4D 32 2C 66 95 C8 35 A4 7A B3 8F B5 E5 3E 61 0E C2 B1 F3 2F 06 0E 7C 66 D4 29 73 B3 E2

You may check this via CLI:

# openssl rsa -in a1.pem -text -noout
Private-Key: (2048 bit)

Comment 9 Yaniv Kaul 2013-02-04 07:22:35 UTC
(In reply to comment #8)
> Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> 
> Created a new Key via Horizon (named a1.pem):
> 
> a1.pem
> Private RSA Key
> Strength: 2048 bits

Please verify the corresponding public key placed in the VM is also 2K in length.

Comment 10 Nir Magnezi 2013-02-05 10:47:23 UTC
(In reply to comment #9)
> (In reply to comment #8)
> > Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> > 
> > Created a new Key via Horizon (named a1.pem):
> > 
> > a1.pem
> > Private RSA Key
> > Strength: 2048 bits
> 
> Please verify the corresponding public key placed in the VM is also 2K in
> length.

I verified that as well.

Comment 12 errata-xmlrpc 2013-02-14 18:24:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0260.html


Note You need to log in before you can comment on or make changes to this bug.