NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond 2010. From January 1st 2011, in order to comply with the current Microsoft[1] and Mozilla[2] CA Policies, Commercial CAs will no longer be permitted to issue certificates with RSA key sizes of <2048-bit.
Please accept the attached patch, which increases the default RSA key size to 2048-bits for the "req", "genrsa" and "genpkey" apps. Thanks. [1] http://technet.microsoft.com/en-us/library/cc751157.aspx says: "we have advised Certificate Authorities...to transition their subordinate and end-certificates to 2048-bit RSA certificates, and to complete this transition for any root certificate distributed by the Program no later than December 31, 2010". [2] https://wiki.mozilla.org/CA:MD5and1024 says: "December 31, 2010 – CAs should stop issuing intermediate and end-entity certificates from roots with RSA key sizes smaller than 2048 bits. All CAs should stop issuing intermediate and end-entity certificates with RSA key size smaller than 2048 bits under any root". Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com COMODO CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software.
Index: apps/genrsa.c =================================================================== RCS file: /v/openssl/cvs/openssl/apps/genrsa.c,v retrieving revision 1.40 diff -U 5 -r1.40 genrsa.c --- apps/genrsa.c 1 Mar 2010 14:22:21 -0000 1.40 +++ apps/genrsa.c 28 Sep 2010 14:44:44 -0000 @@ -76,11 +76,11 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/rand.h> -#define DEFBITS 512 +#define DEFBITS 2048 #undef PROG #define PROG genrsa_main static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); Index: apps/openssl-vms.cnf =================================================================== RCS file: /v/openssl/cvs/openssl/apps/openssl-vms.cnf,v retrieving revision 1.11 diff -U 5 -r1.11 openssl-vms.cnf --- apps/openssl-vms.cnf 23 Apr 2009 16:32:37 -0000 1.11 +++ apps/openssl-vms.cnf 28 Sep 2010 14:44:44 -0000 @@ -101,11 +101,11 @@ commonName = supplied emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert Index: apps/openssl.cnf =================================================================== RCS file: /v/openssl/cvs/openssl/apps/openssl.cnf,v retrieving revision 1.32 diff -U 5 -r1.32 openssl.cnf --- apps/openssl.cnf 4 Apr 2009 19:54:02 -0000 1.32 +++ apps/openssl.cnf 28 Sep 2010 14:44:44 -0000 @@ -101,11 +101,11 @@ commonName = supplied emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert Index: apps/req.c =================================================================== RCS file: /v/openssl/cvs/openssl/apps/req.c,v retrieving revision 1.146 diff -U 5 -r1.146 req.c --- apps/req.c 14 Mar 2010 12:54:45 -0000 1.146 +++ apps/req.c 28 Sep 2010 14:44:44 -0000 @@ -97,11 +97,11 @@ #define V3_EXTENSIONS "x509_extensions" #define REQ_EXTENSIONS "req_extensions" #define STRING_MASK "string_mask" #define UTF8_IN "utf8" -#define DEFAULT_KEY_LENGTH 512 +#define DEFAULT_KEY_LENGTH 2048 #define MIN_KEY_LENGTH 384 #undef PROG #define PROG req_main Index: crypto/rsa/rsa_pmeth.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/rsa/rsa_pmeth.c,v retrieving revision 1.39 diff -U 5 -r1.39 rsa_pmeth.c --- crypto/rsa/rsa_pmeth.c 1 Jun 2010 14:39:01 -0000 1.39 +++ crypto/rsa/rsa_pmeth.c 28 Sep 2010 14:44:44 -0000 @@ -91,11 +91,11 @@ { RSA_PKEY_CTX *rctx; rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); if (!rctx) return 0; - rctx->nbits = 1024; + rctx->nbits = 2048; rctx->pub_exp = NULL; rctx->pad_mode = RSA_PKCS1_PADDING; rctx->md = NULL; rctx->mgf1md = NULL; rctx->tbuf = NULL; Index: doc/apps/genpkey.pod =================================================================== RCS file: /v/openssl/cvs/openssl/doc/apps/genpkey.pod,v retrieving revision 1.5 diff -U 5 -r1.5 genpkey.pod --- doc/apps/genpkey.pod 15 Apr 2009 15:26:55 -0000 1.5 +++ doc/apps/genpkey.pod 28 Sep 2010 14:44:44 -0000 @@ -95,11 +95,11 @@ =over 4 =item B<rsa_keygen_bits:numbits> -The number of bits in the generated key. If not specified 1024 is used. +The number of bits in the generated key. If not specified 2048 is used. =item B<rsa_keygen_pubexp:value> The RSA public exponent value. This can be a large decimal or hexadecimal value if preceded by B<0x>. Default value is 65537. Index: doc/apps/genrsa.pod =================================================================== RCS file: /v/openssl/cvs/openssl/doc/apps/genrsa.pod,v retrieving revision 1.9 diff -U 5 -r1.9 genrsa.pod --- doc/apps/genrsa.pod 15 Apr 2009 15:26:55 -0000 1.9 +++ doc/apps/genrsa.pod 28 Sep 2010 14:44:44 -0000 @@ -63,11 +63,11 @@ for all available algorithms. =item B<numbits> the size of the private key to generate in bits. This must be the last option -specified. The default is 512. +specified. The default is 2048. =back =head1 NOTES @@ -84,11 +84,11 @@ =head1 BUGS A quirk of the prime generation algorithm is that it cannot generate small primes. Therefore the number of bits should not be less that 64. For typical private keys this will not matter because for security reasons they will -be much larger (typically 1024 bits). +be much larger (typically 2048 bits). =head1 SEE ALSO L<gendsa(1)|gendsa(1)> Index: doc/apps/req.pod =================================================================== RCS file: /v/openssl/cvs/openssl/doc/apps/req.pod,v retrieving revision 1.21 diff -U 5 -r1.21 req.pod --- doc/apps/req.pod 15 Apr 2009 15:26:56 -0000 1.21 +++ doc/apps/req.pod 28 Sep 2010 14:44:44 -0000 @@ -347,11 +347,11 @@ configuration file values. =item B<default_bits> This specifies the default key size in bits. If not specified then -512 is used. It is used if the B<-new> option is used. It can be +2048 is used. It is used if the B<-new> option is used. It can be overridden by using the B<-newkey> option. =item B<default_keyfile> This is the default filename to write a private key to. If not @@ -504,20 +504,20 @@ openssl req -in req.pem -text -verify -noout Create a private key and then generate a certificate request from it: - openssl genrsa -out key.pem 1024 + openssl genrsa -out key.pem 2048 openssl req -new -key key.pem -out req.pem The same but just using req: - openssl req -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -newkey rsa:2048 -keyout key.pem -out req.pem Generate a self signed root certificate: - openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem + openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem Example of a file pointed to by the B<oid_file> option: 1.2.3.4 shortName A longer Name 1.2.3.6 otherName Other longer Name @@ -529,11 +529,11 @@ testoid2=${testoid1}.6 Sample configuration file prompting for field values: [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca @@ -570,11 +570,11 @@ RANDFILE = $ENV::HOME/.rnd [ req ] - default_bits = 1024 + default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = mypass Index: doc/crypto/EVP_PKEY_CTX_ctrl.pod =================================================================== RCS file: /v/openssl/cvs/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod,v retrieving revision 1.3 diff -U 5 -r1.3 EVP_PKEY_CTX_ctrl.pod --- doc/crypto/EVP_PKEY_CTX_ctrl.pod 30 Sep 2009 23:42:56 -0000 1.3 +++ doc/crypto/EVP_PKEY_CTX_ctrl.pod 28 Sep 2010 14:44:44 -0000 @@ -80,12 +80,12 @@ signing -2 sets the salt length to the maximum permissible value. When verifying -2 causes the salt length to be automatically determined based on the B<PSS> block structure. If this macro is not called a salt length value of -2 is used by default. -The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for -RSA key genration to B<bits>. If not specified 1024 bits is used. +The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for RSA key +generation to B<bits>. If not specified 2048 bits is used. The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value for RSA key generation to B<pubexp> currently it should be an odd integer. The B<pubexp> pointer is used internally by this function so it should not be modified or free after the call. If this macro is not called then 65537 is used. Index: doc/crypto/RSA_generate_key.pod =================================================================== RCS file: /v/openssl/cvs/openssl/doc/crypto/RSA_generate_key.pod,v retrieving revision 1.6 diff -U 5 -r1.6 RSA_generate_key.pod --- doc/crypto/RSA_generate_key.pod 25 Sep 2002 13:33:27 -0000 1.6 +++ doc/crypto/RSA_generate_key.pod 28 Sep 2010 14:44:44 -0000 @@ -16,11 +16,11 @@ RSA_generate_key() generates a key pair and returns it in a newly allocated B<RSA> structure. The pseudo-random number generator must be seeded prior to calling RSA_generate_key(). The modulus size will be B<num> bits, and the public exponent will be -B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. +B<e>. Key sizes with B<num> E<lt> 2048 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the progress of the key generation. If B<callback> is not B<NULL>, it will be called as follows: