Test RSA key is only 1024 bit, not 2048 bit as it says

w3c-ccg / http-signatures

Signing HTTP Messages specification

https://w3c-dvcg.github.io/http-signatures/

Other

34 stars 9 forks source link

Test RSA key is only 1024 bit, not 2048 bit as it says #109

Open Diggsey opened 4 years ago

Diggsey commented 4 years ago

The following test data uses the following RSA 2048-bit keys, which we will refer to as keyId=Test in the following samples:

However the RSA key specified is only 1024 bits long. This is a problem because several crypto libraries have started dropping support for 1024-bit RSA keys.

aljones15 commented 4 years ago

Is this WRT to the http-signatures spec or the test suite?

The test suite is here if so: https://github.com/w3c-ccg/http-signatures-test-suite

Diggsey commented 4 years ago

This is WRT to the RSA key in the spec itself.