Update RSA key bit length to 3072. (#761)

Update RSA key bit length to 3072. Co-authored-by: Jumping Yang[Wicresoft] <v-zhenpy@microsoft.com>
microsoft · Apr 2, 2024 · d7a413c · d7a413c
1 parent 3566da8
commit d7a413c
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/Unix/installbuilder/datafiles/Base_OMI.data b/Unix/installbuilder/datafiles/Base_OMI.data
@@ -403,7 +403,7 @@ EOF
 }
 
 GenerateKeyCert() {
-    $OPENSSL_PATH req -x509 -sha256 -newkey rsa:2048 -days 3650 -nodes -config $cnffile -keyout $keyfile -out $certfile
+    $OPENSSL_PATH req -x509 -sha256 -newkey rsa:3072 -days 3650 -nodes -config $cnffile -keyout $keyfile -out $certfile
 }
 
 HandleConfigFiles() {
@@ -465,6 +465,13 @@ DeleteUnsupportedCertificate() {
             echo "************************************************************"
             rm -rf $certdir*
         fi
+
+	if [ `$OPENSSL_PATH x509 -in $certfile -text | grep "Public-Key"| sed 's/[^0-9]*//g'` -lt 3072 ]; then
+	    echo "************************************************************"
+	    echo "* Deleting certificates whose public key is less than 3072 *"
+	    echo "************************************************************"
+	    rm -rf $certdir*
+	fi
     fi
 }