Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
authentication
Describe the bug
When configuring a client to use the "Signed Jwt" authenticator with a signature algorithm other than RS256, the key generation from the "Keys" tab still produces an RSA key with a 2048-bit modulus and a validity period of 10 years. According to NIST SP 800-78-5, 2048-bit RSA keys are acceptable for use through 2030, but beyond that, 3072-bit keys are recommended to maintain at least 128 bits of security strength. Likewise, ANSSI’s TLS recommendations tolerate 2048-bit RSA only for short-term needs and advise the use of 3072-bit or higher for long-term protection of sensitive data.
In addition to key size, shorter lifespans help limit exposure in case of key compromise. While NIST does not prescribe exact lifetimes for authentication keys, limiting them to three years or less is considered best practice. Enable admins to use 3072-bit RSA keys with a three-year validity period would align with both NIST and ANSSI guidance.
Version
26.1.4
Regression
- The issue is a regression
Expected behavior
Keycloak should generate a private key and certificate pair that corresponds to the selected signature algorithm with a validity period of no more than 3 years.
Actual behavior
Keycloak generates an RSA key pair with a 2048-bit modulus and a validity period of 10 years.
How to Reproduce?
- Go to the Keycloak admin console.
- Create a new client or select an existing one.
- Navigate to the "Credentials" tab.
- Set "Client Authenticator" to "Signed Jwt".
- Choose any "Signature algorithm" other than RS256 (e.g., ES256, HS256).
- Go to the "Keys" tab.
- Click on "Generate new keys".
- Export the generated key pair as a PKCS#12 container.
- Extract the certificate and examine its validity period.
Anything else?
No response