This PR adds a new check to GenerateKeyRSA, NewPublicKeyRSA and NewPrivateKeyRSA that verifies the key length is supported by CNG. The list of supported key lengths can be found dynamically by querying the BCRYPT_KEY_LENGTHS_STRUCT property.
CNG already errors out when signing and encrypting payloads using an unsupported RSA key, but the message is cryptic and it is reported long after the key has been created, which makes it difficult to debug. We'd better error early.
Found while integrating this backend into Go. Lost a couple of hours debugging.
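The range check the description refers to, as an added example that is not the PR's own code: it decodes the BCRYPT_KEY_LENGTHS_STRUCT layout (three little-endian DWORDs: dwMinLength, dwMaxLength, dwIncrement, all in bits) from the buffer that BCryptGetProperty fills for the BCRYPT_KEY_LENGTHS ("KeyLengths") property of an RSA algorithm handle, then applies the min/max/increment rule before any key is generated or imported. The buffer below is constructed (512..16384 in steps of 64, the range the Microsoft Primitive Provider documentation gives for RSA) so the code runs without Windows; the names KeyLengths, ParseKeyLengths and CheckRSAKeyLength are assumptions, not the project's API.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// KeyLengths mirrors CNG's BCRYPT_KEY_LENGTHS_STRUCT: three DWORDs, all in bits.
// (Assumed Go name; the field layout is the documented CNG one.)
type KeyLengths struct {
	MinLength uint32 // dwMinLength
	MaxLength uint32 // dwMaxLength
	Increment uint32 // dwIncrement (0 means only MinLength is valid)
}

// ParseKeyLengths decodes the buffer that a call such as
// BCryptGetProperty(hAlg, BCRYPT_KEY_LENGTHS, pbOutput, cbOutput, &cbResult, 0)
// fills for an RSA algorithm handle. Assumed helper, not the project's API.
func ParseKeyLengths(buf []byte) (KeyLengths, error) {
	const structSize = 12 // sizeof(BCRYPT_KEY_LENGTHS_STRUCT)
	if len(buf) < structSize {
		return KeyLengths{}, fmt.Errorf("BCRYPT_KEY_LENGTHS_STRUCT: got %d bytes, need %d", len(buf), structSize)
	}
	kl := KeyLengths{
		MinLength: binary.LittleEndian.Uint32(buf[0:4]),
		MaxLength: binary.LittleEndian.Uint32(buf[4:8]),
		Increment: binary.LittleEndian.Uint32(buf[8:12]),
	}
	// Reject a provider answer that cannot describe any key size at all.
	if kl.MinLength == 0 || kl.MinLength > kl.MaxLength {
		return KeyLengths{}, fmt.Errorf("BCRYPT_KEY_LENGTHS_STRUCT: inconsistent range %d..%d", kl.MinLength, kl.MaxLength)
	}
	return kl, nil
}

// Supports reports whether bits lies inside the provider's range and on one
// of its increment steps counted from MinLength.
func (kl KeyLengths) Supports(bits int) bool {
	if bits < int(kl.MinLength) || bits > int(kl.MaxLength) {
		return false
	}
	if kl.Increment == 0 {
		return bits == int(kl.MinLength)
	}
	return (bits-int(kl.MinLength))%int(kl.Increment) == 0
}

// CheckRSAKeyLength is the early check: a descriptive error at key creation
// time instead of an opaque status from CNG later, at sign/encrypt time.
func CheckRSAKeyLength(kl KeyLengths, bits int) error {
	if !kl.Supports(bits) {
		return fmt.Errorf("cng: unsupported RSA key length %d bits: provider accepts %d..%d in steps of %d",
			bits, kl.MinLength, kl.MaxLength, kl.Increment)
	}
	return nil
}

// SampleKeyLengthsBuf is a constructed 12-byte buffer standing in for what
// BCryptGetProperty returns on Windows; real code must query the provider at
// runtime rather than hard-code these values.
var SampleKeyLengthsBuf = []byte{
	0x00, 0x02, 0x00, 0x00, // dwMinLength = 512
	0x00, 0x40, 0x00, 0x00, // dwMaxLength = 16384
	0x40, 0x00, 0x00, 0x00, // dwIncrement = 64
}

func main() {
	kl, err := ParseKeyLengths(SampleKeyLengthsBuf)
	if err != nil {
		panic(err)
	}
	for _, bits := range []int{2048, 2047, 256, 16384, 16448} {
		fmt.Printf("%5d bits: %v\n", bits, CheckRSAKeyLength(kl, bits))
	}
}
```

For NewPublicKeyRSA and NewPrivateKeyRSA the bits value to pass is the modulus size, and the same check then applies to imported keys as to generated ones.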