a3e99432bb
This change guarantees compliance with CA/BF Ballot SC-073 "Compromised and Weak Keys", which requires that at least 100 rounds of Fermat Factorization be attempted: > Section 6.1.1.3 Subscriber Key Pair Generation > The CA SHALL reject a certificate request if... The Public Key corresponds to an industry-demonstrated weak Private Key. For requests submitted on or after November 15, 2024,... In the case of Close Primes vulnerability (https://fermatattack.secvuln.info/), the CA SHALL reject weak keys which can be factored within 100 rounds using Fermat’s factorization method. We choose 110 rounds to ensure a margin above and beyond the requirements. Fixes https://github.com/letsencrypt/boulder/issues/7558 |
||
|---|---|---|
| .. | ||
| sagoodkey | ||
| blocked.go | ||
| blocked_test.go | ||
| good_key.go | ||
| good_key_test.go | ||
| weak.go | ||
| weak_test.go | ||