Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-131913

agent advertizes TPM algorithm rsa2048 in a non-compatible way

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.2
    • keylime-agent-rust
    • None
    • Yes
    • None
    • rhel-security-special-projects
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

       

      Add agent from RHEL-10.2-Nightly to a verifier from an older release

       
      2025-11-23 14:21:18.340 - keylime.tenant - ERROR - TPM Quote from Agent d432fbb3-d2f1-4a97-9ef7-75bd81c33333 (10.31.47.221:9002) is using an unaccepted encryption algorithm: rsa2048

      I believe that from compatibility reasons rsa2048 should be advertized as 'rsa' only. That is what I can see on older versions.

      What is the impact of this issue to you?

      keylime agent cannot be added

      Please provide the package NVR for which the bug is seen:

      keylime-agent-rust-0.2.7-4.el10.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. configure registrar, verifier on RHEL-10.1
      2. start attestation for agent running on RHEL-10.2
      3. cannot add agent

      Expected results

      attestation works

      Actual results

      error

              scorreia@redhat.com Sergio Correia
              ksrot@redhat.com Karel Srot
              Sergio Correia Sergio Correia
              Karel Srot Karel Srot
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: