Enforce strict RSA key length checking in existing RSA crypto constructors, add new legacy constructor to permit keys shorter than 2018 bits
Issue #219
resolved
Chapters 3.3 and 3.5 of the JWA specification require RSA keys to have a length of at least 2048 bits.
This requirement is currently not enforced by the library. I attached a test case that illustrates the behaviour.
Comments (4)
- changed title to Enforce strict RSA key length checking in existing RSA crypto constructors, add new legacy constructor to permit keys shorter than 2018 bits
- marked as enhancement
Legacy apps still need to be able to work with RSA keys shorter than 2048 bits.
- changed status to open
- changed status to resolved
Addressed in b3c700b44955c982c653e18f67964f6278a1e60f
To be released in 6.1
That's true, we've had developers who insisted on supporting 1024-bit RSA keys for various reasons.
I'm thinking of adding a second 'legacy' constructor to permit shorter keys, while making the original constructor strict (require 2048+ bits).
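
The strict-by-default check with an explicit legacy opt-in, as discussed in this issue, sketched on JWK input. This is an added example, not the library's code: `RSAKeyPolicy`, its `legacy` factory, the helper names and the 1024-bit legacy floor are assumptions, and the sample moduli are constructed placeholders rather than real keys.

```python
import base64

MIN_RSA_BITS = 2048  # minimum the issue cites from JWA 3.3 and 3.5


def b64url_to_int(value: str) -> int:
    """Decode an unpadded base64url big-endian integer (JWK 'n' encoding)."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def modulus_bits(jwk: dict) -> int:
    """Bit length of the modulus itself, not of its byte encoding."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    # int.bit_length() ignores leading zero bytes and partial top bytes, so a
    # 2047-bit modulus stored in 256 bytes is not mistaken for 2048 bits.
    return b64url_to_int(jwk["n"]).bit_length()


class RSAKeyPolicy:
    """Hypothetical wrapper: strict constructor, legacy only by explicit call."""

    def __init__(self, jwk: dict, min_bits: int = MIN_RSA_BITS):
        bits = modulus_bits(jwk)
        if bits < min_bits:
            raise ValueError(f"RSA modulus is {bits} bits, need at least {min_bits}")
        self.jwk, self.bits = jwk, bits

    @classmethod
    def legacy(cls, jwk: dict, min_bits: int = 1024):
        # Assumed floor for legacy callers; the opt-in is visible at the call site.
        return cls(jwk, min_bits=min_bits)


def sample_jwk(bits: int, extra_leading_zero: bool = False) -> dict:
    """Constructed JWK with a placeholder modulus of exactly `bits` bits."""
    n = (1 << (bits - 1)) | 1  # top bit set; NOT a real RSA modulus
    raw = n.to_bytes((bits + 7) // 8, "big")
    if extra_leading_zero:
        raw = b"\x00" + raw  # some encoders emit a sign byte
    n_b64 = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return {"kty": "RSA", "e": "AQAB", "n": n_b64}
```
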