Add RSA key generation #230
Conversation
There was a problem hiding this comment.
Thanks for picking this up!
I think this should come with at least one unit test to prevent regressions and to demonstrate the feature works as intended.
It also looks like we could probably drop the dev dependency on the rsa crate now? It's only used in the rsa-irc.rs example for key generation and I think it would be better to show Rcgen doing this natively. The rsa crate has an unresolved vulnerability that makes its removal from rcgen particularly tempting IMO.
|
One more thought: It would be ideal to also see rcgen/rustls-cert-gen/src/cert.rs Lines 205 to 212 in 3c3e984 |
|
Thanks for the reviews, will look into addressing them tomorrow. |
| @@ -205,6 +205,7 @@ impl EndEntityBuilder { | |||
| /// Supported Keypair Algorithms | |||
| #[derive(Clone, Copy, Debug, Default, Bpaf, PartialEq)] | |||
| pub enum KeyPairAlgorithm { | |||
| Rsa, | |||
There was a problem hiding this comment.
Should this enum variant maybe carry RsaKeySize now that the rcgen side supports specifying key size?
There was a problem hiding this comment.
Maybe, yeah, happy to see followup PRs for it.
Yeah we can drop it I think, but would prefer to do it in a followup. |
| #[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)] | ||
| #[non_exhaustive] | ||
| pub enum RsaKeySize { | ||
| _2048, |
There was a problem hiding this comment.
Nit: the _ prefix looks unidiomatic to me, but not sure I have a better idea.
There was a problem hiding this comment.
Yeah, not really perfect. r#2048 doesn't work, but I like _2048 more than Rsa2048.
Uses the recently added RSA key generation support of aws-lc-rs.
Fixes #229