LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-21 22:13:40 +01:00
Code Issues Releases Wiki Activity

properly detect ECDSA certs for keysize compare

Browse Source 
since ECDSA certificates during the transition are likely to be
signed using RSA keys, we need to check the cipher rather than the
signature in the certificate to tell if the cert is ECDSA and as such
can have small key sizes
This commit is contained in:
Hubert Kario 2015-11-17 15:31:46 +01:00
parent 1e65be5fd5
commit 4d77c87494
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cipherscan
View File

@ -762,6 +762,7 @@ display_results_in_terminal() {
fi
local cipher_data=($cipher)
if [[ $ctr -eq 1 ]]; then
cipher="${cipher_data[1]}"
pubkey="${cipher_data[2]}"
sigalg="${cipher_data[3]}"
trusted="${cipher_data[4]}"
@ -826,7 +827,7 @@ display_results_in_terminal() {
done|column -t
echo
if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($sigalg =~ ECDSA && $pubkey -gt 255) ]]; then
if [[ ($sigalg =~ RSA && $pubkey -ge 2047) || ($cipher =~ ECDSA && $pubkey -gt 255) ]]; then
pubkey="${c_green}${pubkey}${c_reset}"
else
pubkey="${c_red}${pubkey}${c_reset}"