Certificate RSA Key Bytes Lower Than 256

• Query id: 874d68a3-bfbe-4a4b-aaa0-9e74d7da634b
• Query name: Certificate RSA Key Bytes Lower Than 256
• Platform: Terraform
• Severity: Medium
• Category: Insecure Configurations
• URL: Github

Description

The certificate should use a RSA key with a length equal to or higher than 256 bytes
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "aws_api_gateway_domain_name" "example" {
  certificate_body = file("./rsa1024.pem")
  domain_name     = "api.example.com"
}

Postitive test num. 2 - tf file

resource "aws_iam_server_certificate" "test_cert2" {
  name             = "some_test_cert"
  certificate_body = file("./rsa1024.pem")
  private_key      = <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_api_gateway_domain_name" "example3" {
  certificate_body = file("./rsa4096.pem")
  domain_name     = "api.example.com"
}

Negative test num. 2 - tf file

resource "aws_iam_server_certificate" "test_cert22" {
  name             = "some_test_cert"
  certificate_body = file("./rsa4096.pem")
  private_key      = <<EOF
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
EOF
}