Bug 888931 – Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Bug 888931 - Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Summary:	Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova (Show other bugs)
Sub Component:
Version:	2.0 (Folsom)
Hardware:	Unspecified Unspecified

Priority	unspecified Severity high
Target Milestone:	snapshot2
Target Release:	2.1
Assigned To:	Zane Bitter
QA Contact:	Yaniv Kaul
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature, Triaged

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-12-19 14:50 EST by Yaniv Kaul
Modified:	2013-07-03 22:56 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	openstack-nova-2012.2.2-9.el6ost
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-02-14 13:24:06 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	20266	None	None	None	Never

Groups: None (edit)

Description Yaniv Kaul 2012-12-19 14:50:13 EST

Description of problem:
I'm pretty sure it should move to 2048 bits.
See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf


This is what I'm getting in Horizon when creating a key:
Private RSA Key
Strength: 1024 bits

Algorithm:	RSA
Size:	1024
Fingerprints
SHA1:	35 EB 77 C2 09 C1 7D 0B EC C4 4C A9 5F C6 B8 F5 A2 43 73 5C
SHA256:	89 6A EC 60 7F 2F C1 1B 72 4A E8 6B EA EE 85 23 C9 3A 08 C7 FA 38 CF 89 55 A4 81 A2 62 C6 6D 07


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 5 Zane Bitter 2013-01-23 08:12:54 EST

Upstream bug: https://bugs.launchpad.net/nova/+bug/1103130
Upstream code review: https://review.openstack.org/20266
Upstream patch: http://github.com/openstack/nova/commit/aa3686a86f903c3b87ea73f1784117c36b2ed6fa

Comment 8 Nir Magnezi 2013-02-04 01:17:53 EST

Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch

Created a new Key via Horizon (named a1.pem):

a1.pem
Private RSA Key
Strength: 2048 bits

Algorithm:	RSA
Size:	2048
Fingerprints
SHA1:	4A 89 C8 3E BF D0 67 DA B8 D1 D2 C8 09 55 AE EB E5 0A A2 1F
SHA256:	28 3F 26 4D 32 2C 66 95 C8 35 A4 7A B3 8F B5 E5 3E 61 0E C2 B1 F3 2F 06 0E 7C 66 D4 29 73 B3 E2

You may check this via CLI:

# openssl rsa -in a1.pem -text -noout
Private-Key: (2048 bit)

Comment 9 Yaniv Kaul 2013-02-04 02:22:35 EST

(In reply to comment #8)
> Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> 
> Created a new Key via Horizon (named a1.pem):
> 
> a1.pem
> Private RSA Key
> Strength: 2048 bits

Please verify the corresponding public key placed in the VM is also 2K in length.

Comment 10 Nir Magnezi 2013-02-05 05:47:23 EST

(In reply to comment #9)
> (In reply to comment #8)
> > Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> > 
> > Created a new Key via Horizon (named a1.pem):
> > 
> > a1.pem
> > Private RSA Key
> > Strength: 2048 bits
> 
> Please verify the corresponding public key placed in the VM is also 2K in
> length.

I verified that as well.

Comment 12 errata-xmlrpc 2013-02-14 13:24:06 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0260.html

Note You need to log in before you can comment on or make changes to this bug.