Merge pull request #175 from ThomasWaldmann/keysize

support --keysize N cmdline param to give RSA key size
James Kasten 2015-01-23 15:24:34 -08:00
commit 6a501c1380
4 changed files with 15 additions and 5 deletions


@ -330,7 +330,7 @@ def validate_key_csr(privkey, csr=None):
"The key and CSR do not match")
def init_key():
def init_key(key_size):
"""Initializes privkey.
Inits key and CSR using provided files or generating new files
@ -339,7 +339,12 @@ def init_key():
the namedtuple to easily work with the protocol.
"""
key_pem = crypto_util.make_key(CONFIG.RSA_KEY_SIZE)
try:
key_pem = crypto_util.make_key(key_size)
except ValueError as err:
logging.fatal(str(err))
logging.info("Note: The default RSA key size is %d bits.", CONFIG.RSA_KEY_SIZE)
sys.exit(1)
# Save file
le_util.make_or_verify_dir(CONFIG.KEY_DIR, 0o700)
@ -348,7 +353,7 @@ def init_key():
key_f.write(key_pem)
key_f.close()
logging.info("Generating key: %s", key_filename)
logging.info("Generating key (%d bits): %s", key_size, key_filename)
return Client.Key(key_filename, key_pem)
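Review bot: init_key now terminates the process itself: the new `except ValueError` branch calls `logging.fatal` and then `sys.exit(1)`, so no caller can recover or report the error its own way, and the failure path is awkward to cover in a unit test. Let the ValueError propagate (or re-raise a client-specific exception) and have main(), the only caller visible on this page, log and exit. The hint about the default size also belongs in the fatal message rather than in a separate info record that a log level above INFO drops, e.g. `logging.fatal("%s (default RSA key size: %d bits)", err, CONFIG.RSA_KEY_SIZE)`. Whether `sys` is imported in this module is not visible here, and init_key's body continues outside the hunks shown.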


@ -145,7 +145,7 @@ def csr_matches_pubkey(csr, privkey):
# based on M2Crypto unit test written by Toby Allsopp
def make_key(bits=CONFIG.RSA_KEY_SIZE):
def make_key(bits):
"""Generate PEM encoded RSA key.
:param int bits: Number of bits, at least 1024.
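Review bot: The documented floor of 1024 bits in make_key's docstring is now reachable from the command line, and 1024-bit RSA is below the 2048-bit minimum that the CA/Browser Forum Baseline Requirements set for publicly trusted certificates. With the size user-controlled, raise the floor to 2048 in both the check and the docstring, `:param int bits: Number of bits, at least 2048.`, so a key the CA would refuse is rejected before it is written to disk. The enforcing check is outside this hunk, so confirm what it currently accepts. Dropping the `bits=CONFIG.RSA_KEY_SIZE` default also breaks any caller that still uses `make_key()` with no argument; only the init_key call site is updated on this page.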


@ -98,6 +98,8 @@ class MakeKeyTest(unittest.TestCase):
def test_it(self):
from letsencrypt.client.crypto_util import make_key
M2Crypto.RSA.load_key_string(make_key(1024))
M2Crypto.RSA.load_key_string(make_key(2048))
M2Crypto.RSA.load_key_string(make_key(4096))
class ValidPrivkeyTest(unittest.TestCase):
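Review bot: The rejection path is untested: the three calls in test_it only cover sizes that succeed, while init_key now depends on make_key raising ValueError for a size it refuses. Add a case such as `self.assertRaises(ValueError, make_key, 512)`, adjusting 512 to whatever floor make_key actually enforces (its check is not visible on this page). Generating a 4096-bit key on every run will also slow the suite noticeably, so it is worth checking whether the 2048 case alone gives enough coverage.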


@ -37,6 +37,9 @@ def main():
parser.add_argument("-b", "--rollback", dest="rollback", type=int,
default=0, metavar="N",
help="Revert configuration N number of checkpoints.")
parser.add_argument("-B", "--keysize", dest="key_size", type=int,
default=CONFIG.RSA_KEY_SIZE, metavar="N",
help="RSA key shall be sized N bits. [%d]" % CONFIG.RSA_KEY_SIZE)
parser.add_argument("-k", "--revoke", dest="revoke", action="store_true",
help="Revoke a certificate.")
parser.add_argument("-v", "--view-config-changes",
@ -100,7 +103,7 @@ def main():
# Prepare for init of Client
if args.privkey is None:
privkey = client.init_key()
privkey = client.init_key(args.key_size)
else:
privkey = client.Client.Key(args.privkey[0], args.privkey[1])
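Review bot: `type=int` on the new `--keysize` option lets zero, negative and undersized values through the parser; they are rejected, if at all, only when make_key runs inside init_key, and the user gets a log line rather than a usage error. Validate at parse time with a small argparse type function that raises `argparse.ArgumentTypeError` below a minimum, and pass it as `type=`. An upper bound is worth considering as well, since a very large N makes key generation run for a long time. The constant name in the sketch is a proposal, not an existing CONFIG attribute, and main() continues outside the hunks shown.

```python
def _rsa_key_size(value):
    """argparse type: parse N and refuse sizes below the supported minimum."""
    bits = int(value)  # a ValueError here is reported by argparse as an invalid value
    # MIN_RSA_KEY_SIZE: proposed new constant (e.g. 2048), not defined on this page
    if bits < MIN_RSA_KEY_SIZE:
        raise argparse.ArgumentTypeError(
            "RSA key size must be at least %d bits" % MIN_RSA_KEY_SIZE)
    return bits

# ... unchanged: earlier add_argument calls in main() ...
    parser.add_argument("-B", "--keysize", dest="key_size", type=_rsa_key_size,
# ... unchanged: default, metavar, help and the remaining arguments ...
```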