From 3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 Mon Sep 17 00:00:00 2001
From: Qin Zhao <chaochin@gmail.com>
Date: Mon, 15 Sep 2014 18:08:51 +0800
Subject: NIST: increase RSA key length to 2048 bit

According to NIST 800-131A, RSA key lenght for digital signature
must >= 2048 bit. Now we use 1024 bit key to generate x509 cert
file. Need to increase the key length to 2048 bit.

Change-Id: I59f614b5d8a79f9e0a96503867cfca176be5c757
Closes-Bug: 1369487
---
 nova/crypto.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nova/crypto.py')

diff --git a/nova/crypto.py b/nova/crypto.py
index ebbc3068cd..cecd1846bc 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -322,7 +322,7 @@ def _user_cert_subject(user_id, project_id):
     return CONF.user_cert_subject % (project_id, user_id, timeutils.isotime())
 
 
-def generate_x509_cert(user_id, project_id, bits=1024):
+def generate_x509_cert(user_id, project_id, bits=2048):
     """Generate and sign a cert for user in project."""
     subject = _user_cert_subject(user_id, project_id)
 
-- 
cgit v1.2.1