From d159542108bd6ca49601df22aae71f92bafdbc85 Mon Sep 17 00:00:00 2001
From: Inteon <42113979+inteon@users.noreply.github.com>
Date: Mon, 27 Sep 2021 14:13:58 +0200
Subject: [PATCH] switch from rsa to ecdsa

Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
---
 pkg/internal/testing/certs/tinyca.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/internal/testing/certs/tinyca.go b/pkg/internal/testing/certs/tinyca.go
index ed3c2da65d..55b044c5b3 100644
--- a/pkg/internal/testing/certs/tinyca.go
+++ b/pkg/internal/testing/certs/tinyca.go
@@ -24,8 +24,9 @@ package certs

 import (
 "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
 crand "crypto/rand"
- "crypto/rsa"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
@@ -38,8 +39,8 @@ import (
 )

 var (
- rsaKeySize = 2048 // a decent number, as of 2019
- bigOne = big.NewInt(1)
+ ellipticCurve = elliptic.P256()
+ bigOne = big.NewInt(1)
 )

 // CertPair is a private key and certificate for use for client auth, as a CA, or serving.
@@ -86,7 +87,7 @@ type TinyCA struct {
 // newPrivateKey generates a new private key of a relatively sane size (see
 // rsaKeySize).
 func newPrivateKey() (crypto.Signer, error) {
- return rsa.GenerateKey(crand.Reader, rsaKeySize)
+ return ecdsa.GenerateKey(ellipticCurve, crand.Reader)
 }

 // NewTinyCA creates a new a tiny CA utility for provisioning serving certs and client certs FOR TESTING ONLY.
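Review bot: `ellipticCurve = elliptic.P256()` in the `var (` block has no rationale comment, whereas the `rsaKeySize` line it replaces carried one, and the commit message does not say why P-256 was picked. A trailing comment such as `// NIST P-256; keys from this package are for tests only` would keep that context, with the wording left to the author. The value does not appear to be reassigned anywhere in the visible hunks, so passing `elliptic.P256()` directly in `newPrivateKey` would avoid a mutable package-level variable.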
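Review bot: The doc comment on `newPrivateKey` in the last hunk still reads "of a relatively sane size (see rsaKeySize)", but this commit deletes `rsaKeySize`, so the comment now refers to a name that no longer exists. Reword it to match the new code, for example `// newPrivateKey generates a new ECDSA private key on ellipticCurve (P-256).`. Separately, the certificate templates are outside this patch; if they set `x509.KeyUsageKeyEncipherment`, that usage bit is for RSA key transport and is worth re-checking now that every generated key is ECDSA.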