forked from TrueCloudLab/lego
feat: add RSA 3072 (#1856)
This commit is contained in:
parent
1b98b20058
commit
27a2c014f7
4 changed files with 7 additions and 2 deletions
|
@ -25,6 +25,7 @@ const (
|
||||||
EC256 = KeyType("P256")
|
EC256 = KeyType("P256")
|
||||||
EC384 = KeyType("P384")
|
EC384 = KeyType("P384")
|
||||||
RSA2048 = KeyType("2048")
|
RSA2048 = KeyType("2048")
|
||||||
|
RSA3072 = KeyType("3072")
|
||||||
RSA4096 = KeyType("4096")
|
RSA4096 = KeyType("4096")
|
||||||
RSA8192 = KeyType("8192")
|
RSA8192 = KeyType("8192")
|
||||||
)
|
)
|
||||||
|
@ -121,6 +122,8 @@ func GeneratePrivateKey(keyType KeyType) (crypto.PrivateKey, error) {
|
||||||
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
|
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
|
||||||
case RSA2048:
|
case RSA2048:
|
||||||
return rsa.GenerateKey(rand.Reader, 2048)
|
return rsa.GenerateKey(rand.Reader, 2048)
|
||||||
|
case RSA3072:
|
||||||
|
return rsa.GenerateKey(rand.Reader, 3072)
|
||||||
case RSA4096:
|
case RSA4096:
|
||||||
return rsa.GenerateKey(rand.Reader, 4096)
|
return rsa.GenerateKey(rand.Reader, 4096)
|
||||||
case RSA8192:
|
case RSA8192:
|
||||||
|
|
|
@ -50,7 +50,7 @@ func CreateFlags(defaultPath string) []cli.Flag {
|
||||||
Name: "key-type",
|
Name: "key-type",
|
||||||
Aliases: []string{"k"},
|
Aliases: []string{"k"},
|
||||||
Value: "ec256",
|
Value: "ec256",
|
||||||
Usage: "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384.",
|
Usage: "Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384.",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "filename",
|
Name: "filename",
|
||||||
|
|
|
@ -65,6 +65,8 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType {
|
||||||
switch strings.ToUpper(keyType) {
|
switch strings.ToUpper(keyType) {
|
||||||
case "RSA2048":
|
case "RSA2048":
|
||||||
return certcrypto.RSA2048
|
return certcrypto.RSA2048
|
||||||
|
case "RSA3072":
|
||||||
|
return certcrypto.RSA3072
|
||||||
case "RSA4096":
|
case "RSA4096":
|
||||||
return certcrypto.RSA4096
|
return certcrypto.RSA4096
|
||||||
case "RSA8192":
|
case "RSA8192":
|
||||||
|
|
|
@ -38,7 +38,7 @@ GLOBAL OPTIONS:
|
||||||
--http.port value Set the port and interface to use for HTTP based challenges to listen on.Supported: interface:port or :port. (default: ":80")
|
--http.port value Set the port and interface to use for HTTP based challenges to listen on.Supported: interface:port or :port. (default: ":80")
|
||||||
--http.proxy-header value Validate against this HTTP header when solving HTTP based challenges behind a reverse proxy. (default: "Host")
|
--http.proxy-header value Validate against this HTTP header when solving HTTP based challenges behind a reverse proxy. (default: "Host")
|
||||||
--http.webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge
|
--http.webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge
|
||||||
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
|
--key-type value, -k value Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
|
||||||
--kid value Key identifier from External CA. Used for External Account Binding.
|
--kid value Key identifier from External CA. Used for External Account Binding.
|
||||||
--path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]
|
--path value Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]
|
||||||
--pem Generate a .pem file by concatenating the .key and .crt files together. (default: false)
|
--pem Generate a .pem file by concatenating the .key and .crt files together. (default: false)
|
||||||
|
|
Loading…
Reference in a new issue