NuGet Warning NU3023

Scenario 1

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The timestamp certificate does not meet a minimum public key length requirement.

Issue

The certificate used to timestamp the package signature does not meet a minimum public key length requirement.

Solution

Please ensure that the Timestamp Authority's signing certificate has an RSA public key of length >= 2048 bits.

Scenario 2

Package 'SamplePackage v1.0.0' from source 'https://contoso.com/index.json': The primary signature's timestamp certificate does not meet a minimum public key length requirement.

Issue

The certificate used to timestamp the package signature does not meet a minimum public key length requirement.

Solution

Please ensure that the package signature was timestamped using a signing certificate with an RSA public key of length >= 2048 bits.

Note

When running the nuget verify -signatures command, NU3023 is raised as an error. Otherwise, NU3023 is raised as a warning.