Closed Bug 989558 Opened 7 years ago Closed 7 years ago

Fix certutil -g keysize description maximum key size

Categories

(NSS :: Documentation, defect, P2)

3.15.2
x86_64
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.16.1

People

(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

The certutil option description for -g keysize states the maximum is 8192 bits
which is wrong. It has been 16384 for quite some time. 

Additionally, the example for trust arguments has "TCu,Cu,Tuw", the spurious w should be removed.
Assignee: nobody → emaldona
Summary: certutil -g keysize description gives maximum key size in bits of 8192 but should be 16384 → Fix certutil -g keysize description maximum key size
Attachment #8398849 - Flags: review?(rrelyea)
Priority: -- → P2
Target Milestone: --- → 3.16.1
Comment on attachment 8398849 [details] [diff] [review]
fix maximum key size and drop spurious w

r+

Two comments however:  

1) the maximum and minimum key sizes are dictated by certutil itself, but to the version of softoken it uses. If you are generating a key in a different token, the restrictions of keysize would be different (some tokens only support discrete sizes like 1024 and 2048). It's a subtle difference for a seldom used usecase for certutil, so I'm not asking for a change.

2) It's to bad there isn't an easy way to suck this information from the source, but, alas, we can't include a freebl header in a middle of an xml file;). Give the ideal isn't possible, the current change is fine.

bob
Attachment #8398849 - Flags: review?(rrelyea) → review+
Pushed: https://hg.mozilla.org/projects/nss/rev/a21ba103a869
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Blocks: 836477
You need to log in before you can comment on or make changes to this bug.