From fb293ef526a2c09d5c7fc32d38a269558e77039c Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <hi@filippo.io>
Date: Mon, 24 May 2021 03:45:43 +0200
Subject: [PATCH] agessh: reject small ssh-rsa keys

Fixes #266
---
 agessh/agessh.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/agessh/agessh.go b/agessh/agessh.go
index 5f88d4f..86a73ac 100644
--- a/agessh/agessh.go
+++ b/agessh/agessh.go
@@ -65,6 +65,9 @@ func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error) {
 	} else {
 		return nil, errors.New("pk does not implement ssh.CryptoPublicKey")
 	}
+	if r.pubKey.Size() < 2048/8 {
+		return nil, errors.New("RSA key size is too small")
+	}
 	return r, nil
 }