cmdgen: refuse to generate RSA/DSA keys under 256 bits.

This replicates the existing error message in Windows PuTTYgen, on the
basis that keys smaller than that will actually fail to work with our
signing code.

diff --git a/cmdgen.c b/cmdgen.c
index ac56ab3e58c48f922adc5290b4a8a2a9b9c057b0..94ce49eaaebc190c37add9b6050fdc9ba1fe1d42 100644 (file)
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -515,6 +515,14 @@ int main(int argc, char **argv)
         errs = TRUE;
     }
 
+    if (keytype == RSA2 || keytype == RSA1 || keytype == DSA) {
+        if (bits < 256) {
+            fprintf(stderr, "puttygen: cannot generate %s keys shorter than"
+                    " 256 bits\n", (keytype == DSA ? "DSA" : "RSA"));
+            errs = TRUE;
+        }
+    }
+
     if (errs)
        return 1;