KMCS (64-bit driver signing) question about RSA key length (2,048bits okay?)

Discussion in 'Windows 64bit' started by David Schwartz, Apr 15, 2009.

  1. All the tools that want to generate a CSR or key for 64-bit driver
    signing seem to want to create 1,024-bit RSA keys by default. I'd
    prefer to use a 2,048-bit RSA key. I'm concerned that these tools have
    made this hard for a reason -- perhaps Vista's kernel-mode signature
    checker can't handle a 2,048-bit key or the signing tools will barf on
    it or something.

    Can someone confirm for me that it's safe to use a 2,048-bit RSA key
    for Vista 64-bit driver signing? Or can someone tell me that it won't
    work?

    Thanks in advance.

    DS
     
    David Schwartz, Apr 15, 2009
    #1
    1. Advertising

  2. David Schwartz

    Nick Newland Guest

    RE: KMCS (64-bit driver signing) question about RSA key length (2,048

    2048 bit keys should be fine as some of the root CA providers use keys of
    this length. I assume generating the key is for test signing the drivers?

    "David Schwartz" wrote:

    > All the tools that want to generate a CSR or key for 64-bit driver
    > signing seem to want to create 1,024-bit RSA keys by default. I'd
    > prefer to use a 2,048-bit RSA key. I'm concerned that these tools have
    > made this hard for a reason -- perhaps Vista's kernel-mode signature
    > checker can't handle a 2,048-bit key or the signing tools will barf on
    > it or something.
    >
    > Can someone confirm for me that it's safe to use a 2,048-bit RSA key
    > for Vista 64-bit driver signing? Or can someone tell me that it won't
    > work?
    >
    > Thanks in advance.
    >
    > DS
    >
     
    Nick Newland, Apr 15, 2009
    #2
    1. Advertising

  3. Re: KMCS (64-bit driver signing) question about RSA key length (2,048

    On Apr 15, 12:44 pm, Nick Newland
    <> wrote:

    > 2048 bit keys should be fine as some of the root CA providers use keys of
    > this length.


    I think that's true. I checked the cross-certificates, and some of
    them use 2,048-bit keys.

    > I assume generating the key is for test signing the drivers?


    It's for real, live deployed signing. Unsigned drivers can't be loaded
    by 64-bit Vista.

    DS
     
    David Schwartz, Apr 15, 2009
    #3
  4. David Schwartz

    Tim Roberts Guest

    Re: KMCS (64-bit driver signing) question about RSA key length (2,048

    David Schwartz <> wrote:

    >On Apr 15, 12:44 pm, Nick Newland
    ><> wrote:
    >
    >> 2048 bit keys should be fine as some of the root CA providers use keys of
    >> this length.

    >
    >I think that's true. I checked the cross-certificates, and some of
    >them use 2,048-bit keys.
    >
    >> I assume generating the key is for test signing the drivers?

    >
    >It's for real, live deployed signing. Unsigned drivers can't be loaded
    >by 64-bit Vista.


    True. You're clear that KMCS requires a certificate issued by the one of
    the short list of approved code-signing providers? You can't self-sign?
    --
    Tim Roberts,
    Providenza & Boekelheide, Inc.
     
    Tim Roberts, Apr 17, 2009
    #4
  5. Re: KMCS (64-bit driver signing) question about RSA key length (2,048

    On Apr 16, 9:20 pm, Tim Roberts <> wrote:

    > True.  You're clear that KMCS requires a certificate issued by the one of
    > the short list of approved code-signing providers?  You can't self-sign?


    Yep. We're going with GlobalSign.

    DS
     
    David Schwartz, Apr 17, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. St V I

    RSA key generation

    St V I, Jan 27, 2004, in forum: Cisco
    Replies:
    0
    Views:
    557
    St V I
    Jan 27, 2004
  2. Michael W. Hubbard

    crypto key generate rsa error

    Michael W. Hubbard, Dec 3, 2005, in forum: Cisco
    Replies:
    5
    Views:
    14,518
    kcrumz
    Aug 8, 2008
  3. =?Utf-8?B?U2NvdHQxOTY5?=

    Vista 64 bit Driver Signing

    =?Utf-8?B?U2NvdHQxOTY5?=, Feb 3, 2007, in forum: Windows 64bit
    Replies:
    2
    Views:
    388
    =?Utf-8?B?U2NvdHQxOTY5?=
    Feb 3, 2007
  4. =?Utf-8?B?YnJvY2NvbGliZWVm?=

    Disabling Driver Signing Enforcement in Vista 64 bit

    =?Utf-8?B?YnJvY2NvbGliZWVm?=, Nov 8, 2007, in forum: Windows 64bit
    Replies:
    4
    Views:
    795
    =?Utf-8?B?YnJvY2NvbGliZWVm?=
    Nov 8, 2007
  5. Daniel Moore

    what is RSA keylength the length of?

    Daniel Moore, Apr 28, 2008, in forum: Computer Security
    Replies:
    4
    Views:
    476
    Unruh
    Apr 29, 2008
Loading...

Share This Page