Hi,

the function checkPkcs10_req in pkcs10_req performs some checks on the
DN of an incoming PKCS#10 request.

I would like to add an additional check that compares the key size of
an incoming request against a configurable minimum key length (in order
to prevent 512-bit requests).

This would require a few additional settings in etc/servers/pub.conf.
Idea/example:

DN_TYPE_PKCS10_ENFORCE_MIN_KEYLENGTH "NO"
DN_TYPE_PKCS10_MIN_KEYLENGTH "1020"

(a few bits less than 1024 to allow for fuzziness with leading zeroes
in the modulus).

Question: should I submit this extension to the 0.9.2 branch or should
I keep this change as a local modification for our project only?

Martin



_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
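
The check proposed in the message above, sketched as an added example (Python for illustration, not OpenCA's Perl code and not written by the poster). It measures the RSA modulus in the SubjectPublicKeyInfo that a PKCS#10 request carries and shows why a threshold of 1020 tolerates leading zero bits where 1024 would not. Only the two setting names come from the message; the "YES" value, the function names and the sample moduli are assumptions.

```python
# Added illustration in Python, not OpenCA code. Only the two setting names come
# from the proposal; the "YES" value and all function names are assumptions.
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER-encoded OID rsaEncryption

def tlv(tag, body):
    """DER-encode one element (short or long length form)."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def der_int(v):
    # DER INTEGERs are signed, so a 0x00 pad byte appears when the top bit is set
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def build_spki(n, e=65537):
    """Constructed SubjectPublicKeyInfo used as sample input (not a real key)."""
    key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x03, b"\x00" + key))

def read_tlv(buf, pos, expect):
    """Return (content, next_pos) of the element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != expect:
        raise ValueError("unexpected DER structure")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Significant bits of the RSA modulus; leading zero bits are not counted."""
    body, _ = read_tlv(spki, 0, 0x30)
    alg, pos = read_tlv(body, 0, 0x30)
    if not alg.startswith(RSA_OID):
        raise ValueError("not an RSA key")
    bits, _ = read_tlv(body, pos, 0x03)
    key, _ = read_tlv(bits[1:], 0, 0x30)  # skip the unused-bits octet
    modulus, _ = read_tlv(key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def check_min_keylength(spki, conf):
    """True if the request may proceed under the proposed pub.conf settings."""
    if conf.get("DN_TYPE_PKCS10_ENFORCE_MIN_KEYLENGTH", "NO").upper() != "YES":
        return True
    return rsa_modulus_bits(spki) >= int(conf["DN_TYPE_PKCS10_MIN_KEYLENGTH"])

# Constructed moduli: 512 bits, nominal 1024 bits with 3 leading zero bits, full 1024 bits
SAMPLES = {"weak": build_spki((1 << 511) | 1), "short": build_spki((1 << 1020) | 1),
           "full": build_spki((1 << 1023) | 1)}
```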
