telekom-mms / ansible-collection-acme

An Ansible collection for issuing certificates via the ACME protocol.
GNU General Public License v3.0

Add ECC key creation support #95

Closed avalor1 closed 1 month ago

avalor1 commented 1 year ago

Defaults for key size and curve are oriented on recommendations from https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_module.html#parameter-curve and https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8.

If a type is used which does not use curves, the openssl module seems to ignore the value, and thus it does not affect the creation of other key types. I tested it with RSA.

rndmh3ro commented 1 year ago

LGTM!

However, this would be a breaking change, right? Existing keys will be recreated.

As per docs from community.crypto.openssl_privatekey:

By default, the key will be regenerated when it does not match the module's options, except when the key cannot be read or the passphrase does not match.
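
The regeneration behaviour quoted above can be reproduced and guarded against with the module's `regenerate` and `backup` options. This playbook is an added example, not code from the PR or the collection; the key path, the RSA size and the `secp384r1` curve are assumptions chosen for illustration.

```yaml
# Added example: shows what happens to an existing RSA key when the
# requested type changes to ECC. key_path is a placeholder, not a
# variable or path used by the collection.
- name: Key regeneration when switching an existing key from RSA to ECC
  hosts: localhost
  gather_facts: false
  vars:
    key_path: /tmp/example-acme-domain.key   # placeholder path
  tasks:
    - name: Simulate an existing deployment with an RSA key
      community.crypto.openssl_privatekey:
        path: "{{ key_path }}"
        type: RSA
        size: 4096

    - name: Guarded switch, fail instead of silently replacing the key
      community.crypto.openssl_privatekey:
        path: "{{ key_path }}"
        type: ECC
        curve: secp384r1
        regenerate: fail        # mismatch with the key on disk is an error
      register: guarded
      ignore_errors: true

    - name: Deliberate switch, default regenerate mode replaces the key
      community.crypto.openssl_privatekey:
        path: "{{ key_path }}"
        type: ECC
        curve: secp384r1
        backup: true            # keep a timestamped copy of the old RSA key
      register: switched

    - name: Read back the key that is now on disk
      community.crypto.openssl_privatekey_info:
        path: "{{ key_path }}"
      register: key_info

    - name: Confirm the guard fired and the later run replaced the key
      ansible.builtin.assert:
        that:
          - guarded is failed
          - switched is changed
          - key_info.type == 'ECC'
          - key_info.public_data.curve == 'secp384r1'
```

A replaced private key no longer matches any certificate already issued for it, so a certificate tied to the old key has to be reissued after the switch.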

darkspadez commented 2 months ago

Is this something that will be merged soon? Or if we need we should just cherry-pick it?

avalor1 commented 1 month ago

Hi @darkspadez, I will resolve conflicts and merge this PR today or in the next days. Sorry for the wait.