agessh: reject small ssh-rsa keys

Fixes #266
2026-01-03 10:55:14 +00:00 · 2021-05-24 03:45:43 +02:00
parent b59a9ecb5d
commit 6f86a7f520
2 changed files with 4 additions and 1 deletions
--- a/agessh/agessh.go
+++ b/agessh/agessh.go
@@ -65,6 +65,9 @@ func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error) {
 	} else {
 		return nil, errors.New("pk does not implement ssh.CryptoPublicKey")
 	}
+	if r.pubKey.Size() < 2048/8 {
+		return nil, errors.New("RSA key size is too small")
+	}
 	return r, nil
 }

--- a/agessh/agessh_test.go
+++ b/agessh/agessh_test.go
@@ -19,7 +19,7 @@ import (
 )

 func TestSSHRSARoundTrip(t *testing.T) {
-	pk, err := rsa.GenerateKey(rand.Reader, 768)
+	pk, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		t.Fatal(err)
 	}