Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-63013

Investigate DSA keygen should fail in RHEL 10

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Normal Normal
    • None
    • rhel-10.0.beta
    • nss
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 2
    • False
    • Hide

      None

      Show
      None
    • None
    • Crypto24Q4
    • None
    • None
    • None

      Generating KRA DSA key algorithm for sizes <=1024 works see below:

      pki -d /opt/pki/certdb -P http -p 21080 -h pki1.example.com -c SECret.123 -n "PKI KRA Administrator for Example.Org" kra-key-generate "testuser21049_88558805" --key-algorithm DSA --key-size "2048" --usages "wrap,unwrap"
      java.lang.IllegalArgumentException: Invalid key size specified.
      at com.netscape.certsrv.key.KeyClient.generateAsymmetricKey(KeyClient.java:1028)
      at com.netscape.cmstools.kra.KRAKeyGenerateCLI.execute(KRAKeyGenerateCLI.java:132)
      at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58)
      at org.dogtagpki.cli.CLI.execute(CLI.java:353)
      at org.dogtagpki.cli.CLI.execute(CLI.java:353)
      at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:79)
      at org.dogtagpki.cli.CLI.execute(CLI.java:353)
      at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:659)
      at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:698)
      17:10
      [root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 21080 -h pki1.example.com -c SECret.123 -n "PKI KRA Administrator for Example.Org" kra-key-generate "testuser21049_88558805" --key-algorithm DSA --key-size "1024" --usages "wrap,unwrap"
      ---------------------------
      Key generation request info
      ---------------------------
      Request ID: 0x1c96f10a81952ec49ad67734e7851f91
      Type: asymkeyGenRequest
      Status: complete
      Creation Time: Tue Sep 10 17:02:41 EDT 2024
      Modification Time: Tue Sep 10 17:02:41 EDT 2024
      [root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 21080 -h pki1.example.com -c SECret.123 -n "PKI KRA Administrator for Example.Org" kra-key-generate "testuser21049_88558805" --key-algorithm DSA --key-size "512" --usages "wrap,unwrap"
      ---------------------------
      Key generation request info
      ---------------------------
      Request ID: 0x5f88bf4f72372ba1b8f8b15cb4bc1a9f
      Type: asymkeyGenRequest
      Status: complete
      Creation Time: Tue Sep 10 17:05:06 EDT 2024
      Modification Time: Tue Sep 10 17:05:06 EDT 2024
      [root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 21080 -h pki1.example.com -c SECret.123 -n "PKI KRA Administrator for Example.Org" kra-key-generate "testuser21049_88558805" --key-algorithm DSA --key-size "512" --usages "wrap,unwrap"

      Expected :
      Expected that like keysize >= 2048 it should FAIL

              rrelyea@redhat.com Robert Relyea
              gkimetto@redhat.com Gilbert Kimetto
              Robert Relyea Robert Relyea
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: