Viewing all changes in revision 384.1.11.
- Committer: Michal Hlavinka
- Date: 2009-05-13 10:06:56 UTC
- mto: This revision was merged to the branch mainline in revision 407.
- Revision ID: mhlavink@redhat.com-20090513100656-0hjbaxhk6ycwz559
refuse mounting with too small rsa key (key_mod_openssl)
We can't use small rsa keys. FEK is encrypted with RSA key.
RSA key allows encryption only rsa_key_bitsize/8. We use
41 B for padding and 3 B are used in message from kernel.
So we can encrypt only rsa_key_bitsize/8-41-3 B. But when
using 512 b rsa key, it gives us only 20 B, so we can't use
ecryptfs_key_bytes > 20. Don't allow mounting with
these values. See Red Hat bug #499175.
Signed-off-by: Michal Hlavinka <mhlavink@redhat.com>
We can't use small rsa keys. FEK is encrypted with RSA key.
RSA key allows encryption only rsa_key_bitsize/8. We use
41 B for padding and 3 B are used in message from kernel.
So we can encrypt only rsa_key_bitsize/8-41-3 B. But when
using 512 b rsa key, it gives us only 20 B, so we can't use
ecryptfs_key_bytes > 20. Don't allow mounting with
these values. See Red Hat bug #499175.
Signed-off-by: Michal Hlavinka <mhlavink@redhat.com>
expand all
collapse all
added
removed
