From 3f1bb37560c545334a5ada4976542cf1aab2910f Mon Sep 17 00:00:00 2001
From: Vladimir Diaz
Date: Thu, 28 Jan 2016 17:46:28 -0500
Subject: [PATCH] Clarify that keys with sizes lower than what we recommend may still be imported
---
 tuf/keys.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tuf/keys.py b/tuf/keys.py
index 12a65953..48b9b48c 100755
--- a/tuf/keys.py
+++ b/tuf/keys.py
@@ -177,7 +177,10 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS):
 Although the PyCrypto crytography library called sets a 1024-bit minimum key size, generate() enforces a minimum key size of 2048 bits. If 'bits' is unspecified, a 3072-bit RSA key is generated, which is the key size
- recommended by TUF.
+ recommended by TUF. These key size restrictions are only enforced for keys
+ generated within TUF. RSA keys with sizes lower than what we
+ recommended may still be imported (e.g., with
+ import_rsakey_from_encrypted_pem().
 >>> rsa_key = generate_rsa_key(bits=2048)
 >>> tuf.formats.RSAKEY_SCHEMA.matches(rsa_key)
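Review bot: The sentence added to the generate_rsa_key docstring leaves its parenthesis open and drifts in tense: `(e.g., with import_rsakey_from_encrypted_pem().` should end `import_rsakey_from_encrypted_pem()).`, and "what we recommended" should read "what we recommend", as in the commit subject. The caveat is also recorded only on the generator, so someone reading the import function's own docstring would not learn that the 2048-bit minimum does not apply there. That function is not in this hunk; if it indeed performs no size check, a matching line on it such as `Note: the size of an imported key is not checked against the 2048-bit minimum enforced by generate_rsa_key().` would put the warning where a caller deciding whether to trust an imported key will see it. The docstring and the function body continue outside the hunk.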