ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2025-01-04 20:24:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use public_exponent 17 to match what was in use before

Browse Source
This commit is contained in:
meejah 2019-06-23 00:28:41 -06:00
parent 544ad5bb59
commit ce27c2ee24
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/allmydata/crypto/rsa.py
View File

@ -28,15 +28,18 @@ def create_signing_keypair(key_size):
:returns: 2-tuple of (private_key, public_key) :returns: 2-tuple of (private_key, public_key)
""" """
# as per # Tahoe's original use of pycryptopp would use cryptopp's default
# public_exponent, which is 17
#
# Thus, we are using 17 here as well. However, there are other
# choices; see this for more discussion:
# https://security.stackexchange.com/questions/2335/should-rsa-public-exponent-be-only-in-3-5-17-257-or-65537-due-to-security-c
#
# Another popular choice is 65537. See:
# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key # https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key
# and
# https://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.htmlhttps://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html # https://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.htmlhttps://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
# the public exponent is 65537
# (I *believe* that pycryptopp would have used cryptopp's default,
# though, which is 17)
priv_key = rsa.generate_private_key( priv_key = rsa.generate_private_key(
public_exponent=65537, public_exponent=17,
key_size=key_size, key_size=key_size,
backend=default_backend() backend=default_backend()
) )