PolarSSL is now part of ARM (official announcement) and has been rebranded as mbed TLS.

How to enable mbedTLS to validate certificates with RSA 1024?


Aug 24, 2017 08:01
Ste

When I use the command line "mbedtls_cert_app mode='file' filename=1.pem ca_file=ca.pem", mbedTLS fails to validate the certificate because its RSA key is too short (RSA 1024).

How can I enable mbedTLS to validate certificates with RSA 1024 from the command line?

 
Aug 24, 2017 08:28
Ron Eldor

Hi Ste,
The reason that a certificate signed with a 1024-bit key fails is, as you said, that the key is too short. A 1024-bit key is considered obsolete and not secure, so you should not encounter such certificates in real use cases.
In addition, our programs are for reference only and do not cover all functionality. If you wish to test your own certificate, signed with a 1024-bit key, you should replace the call to mbedtls_x509_crt_verify with mbedtls_x509_crt_verify_with_profile and use your own profile as the input parameter, similar to mbedtls_x509_crt_profile_default, except that 1024 will be the minimal key size instead of 2048.
Regards,
Mbed TLS Team member
Ron

 
Aug 24, 2017 11:00
Ste

Thank you for your answer!