Update default key sizes and hash to up-to-date values

Update the documentation and example scripts to use 2048 bit RSA keys
and sha256.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

examples/ima-gen-local-ca.sh

@@ -22,7 +22,7 @@ authorityKeyIdentifier=keyid:always,issuer
 # keyUsage = cRLSign, keyCertSign
 __EOF__
 
-openssl req -new -x509 -utf8 -sha1 -days 3650 -batch -config $GENKEY \
+openssl req -new -x509 -utf8 -sha256 -days 3650 -batch -config $GENKEY \
 		-outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv
 
 openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem

examples/ima-genkey-self.sh

@@ -4,7 +4,7 @@ GENKEY=x509_evm.genkey
 
 cat << __EOF__ >$GENKEY
 [ req ]
-default_bits = 1024
+default_bits = 2048
 distinguished_name = req_distinguished_name
 prompt = no
 string_mask = utf8only
@@ -22,7 +22,7 @@ subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid
 __EOF__
 
-openssl req -x509 -new -nodes -utf8 -sha1 -days 3650 -batch -config $GENKEY \
+openssl req -x509 -new -nodes -utf8 -sha256 -days 3650 -batch -config $GENKEY \
 		-outform DER -out x509_evm.der -keyout privkey_evm.pem
 
 openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem

examples/ima-genkey.sh

@@ -4,7 +4,7 @@ GENKEY=ima.genkey
 
 cat << __EOF__ >$GENKEY
 [ req ]
-default_bits = 1024
+default_bits = 2048
 distinguished_name = req_distinguished_name
 prompt = no
 string_mask = utf8only
@@ -25,7 +25,7 @@ authorityKeyIdentifier=keyid
 #authorityKeyIdentifier=keyid,issuer
 __EOF__
 
-openssl req -new -nodes -utf8 -sha1 -days 365 -batch -config $GENKEY \
+openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config $GENKEY \
 		-out csr_ima.pem -keyout privkey_ima.pem
 openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \
 		-CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \