Weak Authenticode signature RSA key size
ID PE173 Level ERROR Category Security
Description
Authenticode signature RSA key size is too small. This may allow an attacker to modify the executable while keeping the signature valid.
Mitigation
- Use larger RSA key size for your private key. The smallest secure key size is considered
2048bits. - When using
opensslto generate the RSA private key, use thersa_keygen_bitsoption to specify the key size. Example:openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048. See theopenssldocumentation for more details.
Arguments
This rule has the following output arguments:
-
signature_info- Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)") -
key_size- Weak RSA key size used in the signature -
min_key_size- Recommended RSA key size
Loading...
Unable to load this documentation page.