crypto.RSAGenerateKey - Enforce key length of at least 2048 bits (#1214)

Signed-off-by: Dave Henderson <dhenderson@gmail.com>
author: Dave Henderson <dhenderson@gmail.com> 2021-09-23 20:56:56 -0400
committer: GitHub <noreply@github.com> 2021-09-24 00:56:56 +0000
commit: 23feb301031196a85ef9b9c02c60061748c94da5 (patch)
tree: 08e42a49655d5f9ffb58b432ef14451dbdb15294 /docs-src/content
parent: 8eabd243f4ecae6a76a37121ea56e644e8b0f9d6 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/docs-src/content/functions/crypto.yml b/docs-src/content/functions/crypto.yml
index 1602b5d9..de64a8d8 100644
--- a/docs-src/content/functions/crypto.yml
+++ b/docs-src/content/functions/crypto.yml
@@ -169,13 +169,16 @@ funcs:
       Default key length is 4096 bits, which should be safe enough for most
       uses, but can be overridden with the optional `bits` parameter.
 
+      In order to protect against [CWE-326](https://cwe.mitre.org/data/definitions/326.html),
+      keys shorter than `2048` bits may not be generated.
+
       The output is a string, suitable for use with the other `crypto.RSA*`
       functions.
     pipeline: true
     arguments:
       - name: bits
         required: false
-        description: bit size of the generated key. Defaults to `4096`
+        description: Length in bits of the generated key. Must be at least `2048`. Defaults to `4096`
     examples:
       - |
         $ gomplate -i '{{ crypto.RSAGenerateKey }}'
author	Dave Henderson <dhenderson@gmail.com>	2021-09-23 20:56:56 -0400
committer	GitHub <noreply@github.com>	2021-09-24 00:56:56 +0000
commit	23feb301031196a85ef9b9c02c60061748c94da5 (patch)
tree	08e42a49655d5f9ffb58b432ef14451dbdb15294 /docs-src/content
parent	8eabd243f4ecae6a76a37121ea56e644e8b0f9d6 (diff)