The goal of this project is to develop the official European solution for the interoperability between national backend servers of decentralised contact tracing applications to combat COVID-19.
Apache License 2.0
New certificates use 4096bit keys per default and break Database Limit #276
Newly created certificates seem to default to 4096 bit RSA keys. This leads to signatures which are longer than the column limit on diagnosiskey.uploader_information_batch_signature. This means that every upload to the EFGS fails, due to constraint violation.
Expected behaviour
The EFGS should handle certificates that use 4096bit keys.
Steps to reproduce the issue
Use a certificate with a key size of 4096 bits, and try to upload to the EFGS.
Technical details
The signature format used in the EFGS is a container format, not only containing the signature but also the certificate corresponding to the private key used to calculate the signature. Hence, the "signature" increases in size if the certificate itself gets longer (e.g. larger key sizes, lots of information in the DN and so on).
Possible Fix
We suggest a change of the said column to varchar(8000).
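As an added illustration (not code from the EFGS project or from the reporter), the following sketch measures how the base64 length of such a signature container grows with the signer's key size. It assumes the container is a detached CMS/PKCS#7 signature with the signer certificate embedded, uses the Python `cryptography` package, and signs with constructed self-signed certificates; only the 8000 figure comes from the issue.

```python
import base64
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs7
from cryptography.x509.oid import NameOID

PROPOSED_LIMIT = 8000  # varchar(8000), the column size suggested in the issue


def self_signed_cert(key):
    """Constructed throwaway certificate; the DN values are sample data."""
    name = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "DE"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Health Authority"),
        x509.NameAttribute(NameOID.COMMON_NAME, "constructed-batch-signer"),
    ])
    start = datetime.datetime(2021, 1, 1)
    return (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(1)  # fixed so the measured sizes are reproducible
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )


def batch_signature_length(key_bits, payload=b"constructed batch payload"):
    """Length of the base64 text of a detached CMS signature that carries
    the signer certificate (assumed container format)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=key_bits)
    der = (
        pkcs7.PKCS7SignatureBuilder()
        .set_data(payload)
        .add_signer(self_signed_cert(key), key, hashes.SHA256())
        .sign(serialization.Encoding.DER, [pkcs7.PKCS7Options.DetachedSignature])
    )
    return len(base64.b64encode(der))


if __name__ == "__main__":
    for bits in (2048, 4096):
        length = batch_signature_length(bits)
        print(f"RSA-{bits}: {length} chars, fits varchar({PROPOSED_LIMIT}): "
              f"{length <= PROPOSED_LIMIT}")
```

The key size counts three times in the container: in the certificate's public key, in the certificate's own signature (self-signed here), and in the CMS signature value. A certificate issued by a CA with a different key size, or one with a longer DN or more extensions, shifts the totals accordingly.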