[PATCH] virnettlshelpers: Update private key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In not so distant past (v6.5.0~3) I've updated the private key we
use for virnettls* tests. Back then I was driven by Fedora 33
change which deprecated RSA-1024 which we used back then. I
generated an EC-384 key which was fine as it was considered
strong enough until RHEL-9 came along. RHEL-9 no longer considers
any of EC keys strong enough (for key exchange) and thus we're
back to RSA, but this time with 2048 bits. Generated by this cmd
line:

  openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---

Honestly, I don't fully understand why EC is not good enough. If I run
'gnutls-cli --list' on a RHEL-9 box and Rawhide box the output is the
same except for 'Groups' line where Rawhide contains 'GROUP-GC256B,
GROUP-GC512A' on the top of what RHEL-9 has.

And I can even find the following:

enabled-curve = SECP384R1

in /usr/share/crypto-policies/DEFAULT/gnutls.txt on the RHEL-9 box. This
all makes me think that something else must be going on, but I have no
mental capacity to debug any further.

 tests/virnettlshelpers.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/tests/virnettlshelpers.c b/tests/virnettlshelpers.c
index 905e633e60..1886b4b5f5 100644
--- a/tests/virnettlshelpers.c
+++ b/tests/virnettlshelpers.c
@@ -47,10 +47,32 @@ extern const asn1_static_node pkix_asn1_tab[];
 gnutls_x509_privkey_t privkey;
 # define PRIVATE_KEY \
     "-----BEGIN PRIVATE KEY-----\n" \
-    "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD39t6GRLeEmsYjRGR6\n" \
-    "iQiIN2S4zXsgLGS/2GloXdG7K+i/3vEJDt9celZ0DfCLcG6hZANiAAQTJIe13jy7\n" \
-    "k4KTXMkHQHEJa/asH263JaPL5kTbfRa6tMq3DS3pzWlOj+NHY/9JzthrKD+Ece+g\n" \
-    "2g/POHa0gfXRYXGiHTs8mY0AHFqNNmF38eIVGjOqobIi90MkyI3wx4g=\n" \
+    "MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCo5oG7tx5EGtHW\n" \
+    "ZNHNG8lOei7IEuL6N39/Gkhl7XHXBmb2+Q+iGDI7uhzni/2/A6cUsPMKS4YWn74h\n" \
+    "NLDyBuB7Fge5iYooKYqb9FyPWLmkAXGOaLMwxEpp2yZUusVLxZ3USeHtVK6e6sXV\n" \
+    "x1hTxuntqPW4kZ7gaDWw27I3CBugiLptxb0M2ENRLyCkLKgyYf3PlnpD1ifupVgO\n" \
+    "WNLjkoNgjSTOtnFkYQHm/sk37nrzj7yqzo46CeSGEAopnfQ5UaIv21DLyKQKmZfh\n" \
+    "aWbDvQq/hDxLbG+nm79DZBHxe9uX9XWeuHp7AWo7G4MTyU7NHj3aMNR8tfdPjF81\n" \
+    "2Hbbk+XrAgMBAAECggEAHKXcY2aP76VM6jx3iX6pCnKW9MCfVymKqphep0s6/+nK\n" \
+    "FSHxkODhxFexB2UrSPbppAzPbHOa7sNxkFhLmwGnmbkG3mWB1YYWSJWODZJTCopk\n" \
+    "JG+F1UO2C3Zsbfqv9EY0mwldFNBEPhg8LiJ9zNf0XadG5mNsu0txr+nTtJnfdb70\n" \
+    "k/Af/usszzxSbNZCwmfR4DeS3Nmsi4jpn0XJ/otKQR/up4snjH9rIv8ybArZVJFP\n" \
+    "/sGL725jz671O8u5JJ4iLVbI+y7nyxiHDJMCJtg9S0TAeCXR1XdJXWzcwPFpQrMq\n" \
+    "HtkdgdHhMOJEloQzEgp98KYzJr5eiwF/jMAC37IBQQKBgQDdGYjC7ckZ4xETBjn0\n" \
+    "S/Q6aePYte0Z5RCReoamHmUgrQNe+y7Ts6owSFGr5WUG7euQ6Rq2ewsQQOlU1LeX\n" \
+    "JD7YtsHxwSc+aruxuyVcu5uARcoHDYHMV9y8QZkTt9PutApOBB5yfhjkDn09Eask\n" \
+    "ZwG4hfVQxqKZDTj/thUvmIJ7AwKBgQDDj6OZgpE9pBLGwBvMHLhIDGaPw/jeA+2k\n" \
+    "8xYJqj+y7YXoqNY2/C8LC/fiA9Zu+AnzMZeXm8CS6OA3P7C6e82iDtz6xSzMG3vV\n" \
+    "onzQahdP/a/9HtHP6e2mr9jx7odbPzL9Lr9U1w+ymramtzTh8P3YcMlKe7qgpULT\n" \
+    "JjuYVXjA+QKBgDCMCMF0YLG0b+1Tcqo3ezrQQV02JQeIimjHFIWpKt9P3eufD5sg\n" \
+    "WgAcAQLTball2FGLPXhP8A/zkMg1pNIk/T+scU1Z8fn8iZXu17dS4kP6DvAZgSST\n" \
+    "Lj6P0MLJnFlPYuvab60IDwMUQ1+DX6awj2oqz8CavN0KUDeljWVUAWJtAoGBAKC9\n" \
+    "tA89zvwHnJdY2IBRKvetma+ZuTljqTXnyLlxAqKjsWmnPUw8xL4jvEA+P0c/AY6v\n" \
+    "uJaZIxSd7Y37/9uIX2FRLjnBUC0EeikDQexdB4RsVPeNGY/4C6ry5zMUiJVrwRFy\n" \
+    "Fzo4+2Im4PLvq7v7Retd6VYblS7uJ5s+1cVEm9ihAn9W1kDj9xEwwLUfkhCtQSiN\n" \
+    "OXADB8Xz/BEtJJoRxf2S0tz3qUBrd7hHG5nfV3tEpU6nP8bFyLU0MIuzV3uRIiov\n" \
+    "JPmdRRv4QcweRiPX5kPheanGHvfclMP5mhqLju/NFLqlS13P2/BNQG2XgtkolE4s\n" \
+    "/hUIAHybIAqkE5/BlQjA\n" \
     "-----END PRIVATE KEY-----\n"
 
 /*
-- 
2.31.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux