[OpenWrt-Devel] [PATCH 1/1 v2] package/uhttpd: generate 2048 bit RSA key
Heinrich Schuchardt
xypron.glpk at gmx.de
Sat Jan 23 14:29:46 EST 2016
RSA keys should be generated with sufficient length.
Using 1024 bits is considered unsafe.
In other packages the used key length is 2048 bits.
Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
package/network/services/uhttpd/files/uhttpd.config | 2 +-
package/network/services/uhttpd/files/uhttpd.init | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index 61f8a49..41f930b 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -111,7 +111,7 @@ config cert px5g
option days 730
# RSA key size
- option bits 1024
+ option bits 2048
# Location
option country ZZ
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index add0924..4ca6c8d 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -45,7 +45,7 @@ generate_keys() {
[ -x "$PX5G_BIN" ] && {
$PX5G_BIN selfsigned -der \
- -days ${days:-730} -newkey rsa:${bits:-1024} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+ -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-OpenWrt}"
sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
--
2.1.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list