diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2017-09-07 22:39:37 +0000 |
|---|---|---|
| committer | Andre Heinecke <[email protected]> | 2019-02-28 10:00:31 +0000 |
| commit | 121286d9d1506dbaad9ba33bae2e459814fe5849 (patch) | |
| tree | c02632295e6acfd09468d9868773deab993ef8f3 /doc/howto-create-a-server-cert.texi | |
| parent | conf: New option --show-socket. (diff) | |
| download | gnupg-121286d9d1506dbaad9ba33bae2e459814fe5849.tar.gz gnupg-121286d9d1506dbaad9ba33bae2e459814fe5849.zip | |
gpgsm: default to 3072-bit keys.
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)
Diffstat (limited to 'doc/howto-create-a-server-cert.texi')
| -rw-r--r-- | doc/howto-create-a-server-cert.texi | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi index 55f1a91a4..30e28bdd0 100644 --- a/doc/howto-create-a-server-cert.texi +++ b/doc/howto-create-a-server-cert.texi @@ -31,14 +31,14 @@ Let's continue: @cartouche @example - What keysize do you want? (2048) - Requested keysize is 2048 bits + What keysize do you want? (3072) + Requested keysize is 3072 bits @end example @end cartouche -Hitting enter chooses the default RSA key size of 2048 bits. Smaller -keys are too weak on the modern Internet. If you choose a larger -(stronger) key, your server will need to do more work. +Hitting enter chooses the default RSA key size of 3072 bits. Keys +smaller than 2048 bits are too weak on the modern Internet. If you +choose a larger (stronger) key, your server will need to do more work. @cartouche @example @@ -124,7 +124,7 @@ request: @example These parameters are used: Key-Type: RSA - Key-Length: 2048 + Key-Length: 3072 Key-Usage: sign, encrypt Name-DN: CN=example.com Name-DNS: example.com @@ -224,7 +224,7 @@ To see the content of your certificate, you may now enter: aka: (dns-name example.com) aka: (dns-name www.example.com) validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51 - key type: 2048 bit RSA + key type: 3072 bit RSA key usage: digitalSignature keyEncipherment ext key usage: clientAuth (suggested), serverAuth (suggested), [...] fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57 |