888931 – Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Bug 888931 - Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Summary: Nova: key-pair is using 1024 bits RSA key - should move to 2048 bit

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-nova
Sub Component:
Version:	2.0 (Folsom)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	snapshot2
Target Release:	2.1
Assignee:	Zane Bitter
QA Contact:	Yaniv Kaul
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-12-19 19:50 UTC by Yaniv Kaul
Modified:	2019-09-10 14:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openstack-nova-2012.2.2-9.el6ost
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-14 18:24:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	20266	0	None	None	None	Never
Red Hat Product Errata	RHBA-2013:0260	0	normal	SHIPPED_LIVE	Red Hat OpenStack 2.0 (Folsom) Preview bug fix and enhancement update	2013-02-14 23:21:02 UTC

Description Yaniv Kaul 2012-12-19 19:50:13 UTC

Description of problem:
I'm pretty sure it should move to 2048 bits.
See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf


This is what I'm getting in Horizon when creating a key:
Private RSA Key
Strength: 1024 bits

Algorithm:	RSA
Size:	1024
Fingerprints
SHA1:	35 EB 77 C2 09 C1 7D 0B EC C4 4C A9 5F C6 B8 F5 A2 43 73 5C
SHA256:	89 6A EC 60 7F 2F C1 1B 72 4A E8 6B EA EE 85 23 C9 3A 08 C7 FA 38 CF 89 55 A4 81 A2 62 C6 6D 07


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 5 Zane Bitter 2013-01-23 13:12:54 UTC

Upstream bug: https://bugs.launchpad.net/nova/+bug/1103130
Upstream code review: https://review.openstack.org/20266
Upstream patch: http://github.com/openstack/nova/commit/aa3686a86f903c3b87ea73f1784117c36b2ed6fa

Comment 8 Nir Magnezi 2013-02-04 06:17:53 UTC

Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch

Created a new Key via Horizon (named a1.pem):

a1.pem
Private RSA Key
Strength: 2048 bits

Algorithm:	RSA
Size:	2048
Fingerprints
SHA1:	4A 89 C8 3E BF D0 67 DA B8 D1 D2 C8 09 55 AE EB E5 0A A2 1F
SHA256:	28 3F 26 4D 32 2C 66 95 C8 35 A4 7A B3 8F B5 E5 3E 61 0E C2 B1 F3 2F 06 0E 7C 66 D4 29 73 B3 E2

You may check this via CLI:

# openssl rsa -in a1.pem -text -noout
Private-Key: (2048 bit)

Comment 9 Yaniv Kaul 2013-02-04 07:22:35 UTC

(In reply to comment #8)
> Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> 
> Created a new Key via Horizon (named a1.pem):
> 
> a1.pem
> Private RSA Key
> Strength: 2048 bits

Please verify the corresponding public key placed in the VM is also 2K in length.

Comment 10 Nir Magnezi 2013-02-05 10:47:23 UTC

(In reply to comment #9)
> (In reply to comment #8)
> > Verified NVR: openstack-nova-2012.2.2-9.el6ost.noarch
> > 
> > Created a new Key via Horizon (named a1.pem):
> > 
> > a1.pem
> > Private RSA Key
> > Strength: 2048 bits
> 
> Please verify the corresponding public key placed in the VM is also 2K in
> length.

I verified that as well.

Comment 12 errata-xmlrpc 2013-02-14 18:24:06 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0260.html

Note You need to log in before you can comment on or make changes to this bug.