NIST: increase RSA key length to 2048 bit

According to NIST 800-131A, RSA key lenght for digital signature must >= 2048 bit. Now we use 1024 bit key to generate x509 cert file. Need to increase the key length to 2048 bit. Change-Id: I59f614b5d8a79f9e0a96503867cfca176be5c757 Closes-Bug: 1369487
author: Qin Zhao <chaochin@gmail.com> 2014-09-15 18:08:51 +0800
committer: Qin Zhao <chaochin@gmail.com> 2014-09-15 18:08:51 +0800
commit: 3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 (patch)
tree: a2a7bf76d20e9ffa489228504fedb718f07d47e2 /nova/crypto.py
parent: 84da73d662de3f0874db3fc5e42f0b72e19b12a2 (diff)
download: nova-3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/nova/crypto.py b/nova/crypto.py
index ebbc3068cd..cecd1846bc 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -322,7 +322,7 @@ def _user_cert_subject(user_id, project_id):
     return CONF.user_cert_subject % (project_id, user_id, timeutils.isotime())
 
 
-def generate_x509_cert(user_id, project_id, bits=1024):
+def generate_x509_cert(user_id, project_id, bits=2048):
     """Generate and sign a cert for user in project."""
     subject = _user_cert_subject(user_id, project_id)
author	Qin Zhao <chaochin@gmail.com>	2014-09-15 18:08:51 +0800
committer	Qin Zhao <chaochin@gmail.com>	2014-09-15 18:08:51 +0800
commit	3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 (patch)
tree	a2a7bf76d20e9ffa489228504fedb718f07d47e2 /nova/crypto.py
parent	84da73d662de3f0874db3fc5e42f0b72e19b12a2 (diff)
download	nova-3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13.tar.gz