[Cryptography] OpenSSL: rsa_builtin_keygen: key size too small

Ray Dillinger bear at sonic.net
Mon Dec 23 14:38:30 EST 2019


On Mon, 2019-12-23 at 13:05 +1100, Matt Palmer wrote:
> Based on a quick grovel through the openssl source, it looks like
> this limit
> is hard-coded, and requires a rebuild of openssl to set the value
> smaller.


Further, I doubt anyone there will be interested in helping you create
a version that doesn't throw that error message.

People have been badly burned several times by downgrade attacks. The
openssl maintainers REALLY don't want any versions out there in the wild
that fail to shut such attacks down cold.  Especially if they look
enough like "real" openssl to fool anybody.

If you do get an openssl working that can produce a trivial RSA key,
I'm pretty sure no other openssl in the world will consent to talk to
it using that key.  So generating a version that can produce that key
is only half the job. The other half is generating a version that will
respond to it.

				Bear
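As an added illustration of Bear's two points (this is example code written for this page, not part of the thread and not OpenSSL's own code): a textbook RSA keygen with no size floor produces a key whose private exponent an attacker recovers in milliseconds by factoring the modulus, and a stock peer rejects it before any of that matters. The keygen floor (RSA_MIN_MODULUS_BITS = 512, the check behind the "key size too small" error in the subject line) and the per-security-level minimums in SECURITY_LEVEL_MIN_RSA_BITS are assumptions quoted from OpenSSL's documentation rather than taken from the thread; the function names, the toy key sizes and Pollard's rho as the factoring method are all choices made for this example.

```python
"""Added example: why a trivially small RSA key is useless, and how
OpenSSL-style minimums keep stock builds from ever talking to one.

Assumed values (from OpenSSL's docs, not from the thread): the 512-bit
keygen floor and the SSL_CTX_set_security_level() RSA minimums below.
Check them against your own build.
"""
import math
import random

# Floor enforced by rsa_builtin_keygen (assumed value); below it a stock
# build raises "key size too small" instead of producing a key.
RSA_MIN_MODULUS_BITS = 512

# Minimum RSA modulus a peer at each TLS security level accepts
# (assumed mapping from SSL_CTX_set_security_level(3)).
SECURITY_LEVEL_MIN_RSA_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}


def keygen_allowed(bits: int) -> bool:
    """Mirror of the keygen check: would a stock build produce this key?"""
    return bits >= RSA_MIN_MODULUS_BITS


def peer_accepts(modulus_bits: int, security_level: int) -> bool:
    """Would a stock peer at this security level consent to use this key?"""
    return modulus_bits >= SECURITY_LEVEL_MIN_RSA_BITS[security_level]


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test; adequate for the toy sizes used here."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with its top bit set, so products have a known size."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def toy_rsa_keygen(modulus_bits: int, e: int = 65537):
    """Textbook RSA with the size floor removed: what a rebuilt openssl would do.

    Returns (n, e, d)."""
    while True:
        p = random_prime(modulus_bits // 2)
        q = random_prime(modulus_bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0 and n.bit_length() == modulus_bits:
            return n, e, pow(e, -1, phi)


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle)."""
    if n % 2 == 0:
        return 2
    while True:
        c = random.randrange(1, n)
        x = y = random.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:  # a failed run hits d == n; retry with new parameters
            return d


def recover_private_exponent(n: int, e: int) -> int:
    """Attacker's view: factor the public modulus and rebuild d from (n, e)."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def demo(modulus_bits: int = 64) -> bool:
    """Generate a key below the floor and break it; True if d was recovered."""
    n, e, d = toy_rsa_keygen(modulus_bits)
    return recover_private_exponent(n, e) == d


if __name__ == "__main__":
    print("64-bit key broken:", demo(64))
    print("stock keygen would allow 64 bits:", keygen_allowed(64))
    print("level-1 peer accepts 512 bits:", peer_accepts(512, 1))
```

Running it shows the two halves of Bear's point side by side: a 64-bit modulus is factored and its private exponent recovered almost instantly, while keygen_allowed() and peer_accepts() report that a stock build would neither have produced the key nor, at any security level above 0, accepted it from a peer. Even a key exactly at the 512-bit keygen floor is rejected by a level-1 peer, which is why a patched openssl that can emit such keys needs an equally patched counterpart on the other end.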



