Ralf Senderek
2017-07-29 12:37:32 UTC
On Sat, 29 Jul 2017, Peter Gutmann wrote:
> Question is, should CRYPT_OPTION_PKC_KEYSIZE also apply to key generation? In
> other words instead of using the CRYPT_QUERY_INFO.keySize value, should the
> CRYPT_OPTION_PKC_KEYSIZE value be used?
lines 49 and 50 in misc/user_cfg.c state:
48 /* Algorithm = PKC options */
49 MK_OPTION( CRYPT_OPTION_PKC_ALGO, CRYPT_ALGO_RSA, 3 ),
50 MK_OPTION( CRYPT_OPTION_PKC_KEYSIZE, bitsToBytes( 1536 ), 4 ),
so all RSA key generations will then be done with 1536 bits which
IMHO is a little too small. I'd rather like to have the minimum RSA
key length set to at least 2048 bit as a default.
--ralf
_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order
> Question is, should CRYPT_OPTION_PKC_KEYSIZE also apply to key generation? In
> other words instead of using the CRYPT_QUERY_INFO.keySize value, should the
> CRYPT_OPTION_PKC_KEYSIZE value be used?
lines 49 and 50 in misc/user_cfg.c state:
48 /* Algorithm = PKC options */
49 MK_OPTION( CRYPT_OPTION_PKC_ALGO, CRYPT_ALGO_RSA, 3 ),
50 MK_OPTION( CRYPT_OPTION_PKC_KEYSIZE, bitsToBytes( 1536 ), 4 ),
so all RSA key generations will then be done with 1536 bits which
IMHO is a little too small. I'd rather like to have the minimum RSA
key length set to at least 2048 bit as a default.
--ralf
_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order