From de87c8a4df48ce10c3edfa3839da2f46416c948a Mon Sep 17 00:00:00 2001
From: Leigh B Stoller <stoller@flux.utah.edu>
Date: Wed, 14 Nov 2018 10:43:23 -0700
Subject: [PATCH] Start generating 2048 bit keys to make Nick happy (or maybe
 just a bit less unhappy).

---
 account/mksyscert.in  | 2 +-
 account/mkusercert.in | 2 +-
 ssl/GNUmakefile.in    | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/account/mksyscert.in b/account/mksyscert.in
index 6ede8542f9..8d5dbb829c 100755
--- a/account/mksyscert.in
+++ b/account/mksyscert.in
@@ -298,7 +298,7 @@ if( defined( $oldkeyfile ) ) {
     my $genopts =
 	($encrypted ? " -passout 'pass:${sh_password}' -des3 " : "");
 
-    system("$OPENSSL genrsa $genopts -out syscert_key.pem 1024")
+    system("$OPENSSL genrsa $genopts -out syscert_key.pem 2048")
 	    == 0 or fatal("Could generate new key");
     
     system("$OPENSSL req -text -new -config syscert.cnf ".
diff --git a/account/mkusercert.in b/account/mkusercert.in
index 4118300775..acd871998b 100755
--- a/account/mkusercert.in
+++ b/account/mkusercert.in
@@ -401,7 +401,7 @@ sub CreateNewCert() {
 	my $genopts =
 	    ($encrypted ? " -passout 'pass:${sh_password}' -des3 " : "");
 
-	system("$OPENSSL genrsa $genopts -out usercert_key.pem 1024")
+	system("$OPENSSL genrsa $genopts -out usercert_key.pem 2048")
 	    == 0 or fatal("Could generate new key");
     }
     my $reqopts = ($encrypted ? "-passin 'pass:${sh_password}' " : "");
diff --git a/ssl/GNUmakefile.in b/ssl/GNUmakefile.in
index 21e89f6c43..e685b8a47b 100644
--- a/ssl/GNUmakefile.in
+++ b/ssl/GNUmakefile.in
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2000-2017 University of Utah and the Flux Group.
+# Copyright (c) 2000-2018 University of Utah and the Flux Group.
 # 
 # {{{EMULAB-LICENSE
 # 
@@ -159,7 +159,7 @@ emulab_privkey.pem:
 	# Generate a priv key for signing stuff. This one gets a
 	# passphrase.
 	# 
-	openssl genrsa -out emulab_privkey.pem -des3
+	openssl genrsa -out emulab_privkey.pem -des3 2048
 
 emulab_pubkey.pem:	emulab_privkey.pem
 	#
@@ -173,7 +173,7 @@ emulab_pubkey.pem:	emulab_privkey.pem
 # by you and writable. 
 #
 %.key:
-	openssl genrsa -out $@ -rand .rand 1024
+	openssl genrsa -out $@ -rand .rand 2048
 
 # The point of the this is to recover the keys from where they were
 # originally installed. We do this cause people often lose their
-- 
GitLab