| #
5d5d7d0b |
| 15-Apr-2025 |
Joakim Bech <joakim.bech@linaro.org> |
keys: increase default RSA key size to 4096 bits
Change the key size in your default key located at default.pem to 4096
bits.
New key has been created using this command:
openssl genrsa -out keys
keys: increase default RSA key size to 4096 bits
Change the key size in your default key located at default.pem to 4096
bits.
New key has been created using this command:
openssl genrsa -out keys/default.pem 4096
Background:
GlobalPlatform, based on feedback from various national bodies such as
ANSSI, BSI, SOGIS, and NIST, has decided to designate RSA keys smaller
than 2048 bits as deprecated (see [1]).
Note:
This key is intended for testing purposes only. Therefore, it's not a
problem to publicly publish this, but it's important to remember to
change this if/when used in real products.
Link: https://globalplatform.org/specs-library/globalplatform-technology-cryptographic-algorithm-recommendations/ [1]
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| #
12fc3771 |
| 30-May-2023 |
Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> |
keys: rename the default key to default.pem
The default key can have other uses than the TA signature.
Rename the file to have a generic name.
For compatibility with existing code, doc and CI, the
keys: rename the default key to default.pem
The default key can have other uses than the TA signature.
Rename the file to have a generic name.
For compatibility with existing code, doc and CI, the
default_ta.pem is kept but becomes a symbolic link.
If the default_ta.pem is selected, the default.pem file is
also copied in the build folder as default_ta.pem symlink
points to it.
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
show more ...
|