Open mpalmer opened 7 years ago
What would you think if having a class that tests for weak keys? ROCA is one example, Debian weak keys are another, so are keys with small factors. The class would take a OpenSSL::PKey (rather than cert) so it can be used with CSRs and such.
If you agree, I'll merge then refactor.
Sounds reasonable to have a whole bucket of key-related checks in one place.
Based on sample Python code from https://github.com/crocs-muni/roca.