Baguette/dnsmanager-webclient
3
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable 1024-bit RSA keys because some people live with decade-old setups.

Browse Source
This commit is contained in:
Philippe Pittoli 2024-12-04 09:48:54 +01:00
parent 4ed6287e5c
commit f7e6c10606
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/App/Validation/DNS.purs
View File

@ -263,14 +263,14 @@ validationSPF form = ado
, v = form.v, mechanisms = Just mechanisms
, modifiers = Just modifiers, q = form.q }
-- | Accepted RSA key sizes = 2048 or 4096 bits, 256 bits for ED25519.
-- | Accepted RSA key sizes = 1024, 2048 or 4096 bits, 256 bits for ED25519.
-- |
-- | Since the public key representation for the RSA algorithm is in PKCS format (RFC 5958)
-- | then converted in PEM (RFC 7468), and knowing this format enables some optional parameters,
-- | it is not possible to expect an exact size for the public key input.
-- | Consequently, we expect *at least* an input of 250 bytes for public key, loosely leading
-- | to accept key sizes of at least 2048 bits. Maximum allowed key size is also arbitrary.
rsa_min_key_size = 250 :: Int
-- | Consequently, we expect *at least* an input of 128 bytes for public key, loosely leading
-- | to accept key sizes of at least 1024 bits. Maximum allowed key size is also arbitrary.
rsa_min_key_size = 128 :: Int
rsa_max_key_size = 1000 :: Int
-- | Contrary to RSA, ED25519 doesn't use a PEM-converted PKCS representation to exchange