This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 888931 - Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit
Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
2.0 (Folsom)
Unspecified Unspecified
unspecified Severity high
: snapshot2
: 2.1
Assigned To: Zane Bitter
Yaniv Kaul
: FutureFeature, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-19 14:50 EST by Yaniv Kaul
Modified: 2013-07-03 22:56 EDT (History)
3 users (show)

See Also:
Fixed In Version: openstack-nova-2012.2.2-9.el6ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-14 13:24:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 20266 None None None Never

  None (edit)
Description Yaniv Kaul 2012-12-19 14:50:13 EST
Description of problem:
I'm pretty sure it should move to 2048 bits.
See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf


This is what I'm getting in Horizon when creating a key:
Private RSA Key
Strength: 1024 bits

Algorithm:	RSA
Size:	1024
Fingerprints
SHA1:	35 EB 77 C2 09 C1 7D 0B EC C4 4C A9 5F C6 B8 F5 A2 43 73 5C
SHA256:	89 6A EC 60 7F 2F C1 1B 72 4A E8 6B EA EE 85 23 C9 3A 08 C7 FA 38 CF 89 55 A4 81 A2 62 C6 6D 07


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 8 Nir Magnezi 2013-02-04 01:17:53 EST
Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch

Created a new Key via Horizon (named a1.pem):

a1.pem
Private RSA Key
Strength: 2048 bits

Algorithm:	RSA
Size:	2048
Fingerprints
SHA1:	4A 89 C8 3E BF D0 67 DA B8 D1 D2 C8 09 55 AE EB E5 0A A2 1F
SHA256:	28 3F 26 4D 32 2C 66 95 C8 35 A4 7A B3 8F B5 E5 3E 61 0E C2 B1 F3 2F 06 0E 7C 66 D4 29 73 B3 E2

You may check this via CLI:

# openssl rsa -in a1.pem -text -noout
Private-Key: (2048 bit)
Comment 9 Yaniv Kaul 2013-02-04 02:22:35 EST
(In reply to comment #8)
> Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> 
> Created a new Key via Horizon (named a1.pem):
> 
> a1.pem
> Private RSA Key
> Strength: 2048 bits

Please verify the corresponding public key placed in the VM is also 2K in length.
Comment 10 Nir Magnezi 2013-02-05 05:47:23 EST
(In reply to comment #9)
> (In reply to comment #8)
> > Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> > 
> > Created a new Key via Horizon (named a1.pem):
> > 
> > a1.pem
> > Private RSA Key
> > Strength: 2048 bits
> 
> Please verify the corresponding public key placed in the VM is also 2K in
> length.

I verified that as well.
Comment 12 errata-xmlrpc 2013-02-14 13:24:06 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0260.html

Note You need to log in before you can comment on or make changes to this bug.