diff options
author | Qin Zhao <chaochin@gmail.com> | 2014-09-15 18:08:51 +0800 |
---|---|---|
committer | Qin Zhao <chaochin@gmail.com> | 2014-09-15 18:08:51 +0800 |
commit | 3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 (patch) | |
tree | a2a7bf76d20e9ffa489228504fedb718f07d47e2 /nova/crypto.py | |
parent | 84da73d662de3f0874db3fc5e42f0b72e19b12a2 (diff) | |
download | nova-3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13.tar.gz |
NIST: increase RSA key length to 2048 bit
According to NIST 800-131A, RSA key lenght for digital signature
must >= 2048 bit. Now we use 1024 bit key to generate x509 cert
file. Need to increase the key length to 2048 bit.
Change-Id: I59f614b5d8a79f9e0a96503867cfca176be5c757
Closes-Bug: 1369487
Diffstat (limited to 'nova/crypto.py')
-rw-r--r-- | nova/crypto.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nova/crypto.py b/nova/crypto.py index ebbc3068cd..cecd1846bc 100644 --- a/nova/crypto.py +++ b/nova/crypto.py @@ -322,7 +322,7 @@ def _user_cert_subject(user_id, project_id): return CONF.user_cert_subject % (project_id, user_id, timeutils.isotime()) -def generate_x509_cert(user_id, project_id, bits=1024): +def generate_x509_cert(user_id, project_id, bits=2048): """Generate and sign a cert for user in project.""" subject = _user_cert_subject(user_id, project_id) |