Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What is a “128 bit certificate”? Can I create one with OpenSSL?

create OpenSSL
0
Posted

What is a “128 bit certificate”? Can I create one with OpenSSL?

0 CommentsAdd a Comment

1 Answer

0

The term “128 bit certificate” is a highly misleading marketing term. It does *not* refer to the size of the public key in the certificate! A certificate containing a 128 bit RSA key would have negligible security. There were various other names such as “magic certificates”, “SGC certificates”, “step up certificates” etc. You can’t generally create such a certificate using OpenSSL but there is no need to any more. Nowadays web browsers using unrestricted strong encryption are generally available. When there were tight restrictions on the export of strong encryption software from the US only weak encryption algorithms could be freely exported (initially 40 bit and then 56 bit). It was widely recognised that this was inadequate. A relaxation of the rules allowed the use of strong encryption but only to an authorised server.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123