DIRACGrid / diracx

The neXt DIRAC incarnation
GNU General Public License v3.0

Tests use 512 bit key size but a library requires 1024 bits #278

Closed martynia closed 2 months ago

martynia commented 2 months ago

Hi, the tests set the key size to 512 bits: https://github.com/DIRACGrid/diracx/blob/b86ed1180bd05011d5aef8f8327d8c3d2f0a7c34/diracx-core/tests/test_secrets.py#L19

but the library requires 1024 bits:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../../../../micromamba/envs/test-env/lib/python3.11/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py:142: in generate_private_key
    _verify_rsa_parameters(public_exponent, key_size)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

public_exponent = 65537, key_size = 512

    def _verify_rsa_parameters(public_exponent: int, key_size: int) -> None:
        if public_exponent not in (3, 65537):
            raise ValueError(
                "public_exponent must be either 3 (for legacy compatibility) or "
                "65537. Almost everyone should choose 65537 here!"
            )

        if key_size < 1024:
>           raise ValueError("key_size must be at least 1024-bits.")
E           ValueError: key_size must be at least 1024-bits.

Interestingly, my local mamba forge installation has a 512 limit, so I could not see the problem locally...

fstagni commented 2 months ago

I also noticed, just pushed https://github.com/DIRACGrid/diracx/pull/279 let's see if it's enough.

chaen commented 2 months ago

Apparently, we aren't the only ones unhappy about that change: https://github.com/pyca/cryptography/pull/10278#issuecomment-2278782867

fstagni commented 2 months ago

I guess this can be merged...?

martynia commented 2 months ago

I think it can.
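
One way to catch this mismatch before it depends on which `cryptography` build is installed, as an added example that is not part of the thread or the diracx code base: a stdlib-only scan that flags `generate_private_key` calls whose `key_size` is below the 1024-bit floor shown in the traceback. The sample test module and the names `find_small_rsa_keys`, `MIN_RSA_BITS` and `SAMPLE_TEST_SOURCE` are constructed for illustration.

```python
import ast

MIN_RSA_BITS = 1024  # floor named in the ValueError in the traceback above

# Constructed sample test module, not the project's test_secrets.py.
SAMPLE_TEST_SOURCE = '''
from cryptography.hazmat.primitives.asymmetric import rsa

KEY_BITS = 512

def test_small_keyword():
    rsa.generate_private_key(public_exponent=65537, key_size=512)

def test_small_positional():
    rsa.generate_private_key(65537, 768)

def test_via_constant():
    rsa.generate_private_key(public_exponent=65537, key_size=KEY_BITS)

def test_ok():
    rsa.generate_private_key(public_exponent=65537, key_size=2048)
'''


def find_small_rsa_keys(source, minimum=MIN_RSA_BITS):
    """Return sorted (line, bits) for generate_private_key calls below `minimum`."""
    tree = ast.parse(source)
    # Resolve simple module-level constants such as KEY_BITS = 512.
    consts = {}
    for node in tree.body:
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    consts[target.id] = node.value.value
    findings = []
    for node in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name = getattr(node.func, "attr", getattr(node.func, "id", None))
        if name != "generate_private_key":
            continue
        # key_size is either the keyword or the second positional argument.
        size = next((k.value for k in node.keywords if k.arg == "key_size"), None)
        if size is None and len(node.args) >= 2:
            size = node.args[1]
        # Literal or resolved constant; anything else (e.g. an EC curve) is skipped.
        bits = consts.get(size.id) if isinstance(size, ast.Name) else getattr(size, "value", None)
        if isinstance(bits, int) and bits < minimum:
            findings.append((node.lineno, bits))
    return sorted(findings)
```

Run over a test tree, a non-empty result identifies the calls that will raise on an installation enforcing the 1024-bit minimum even if the local environment still accepts 512.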