From 23feb301031196a85ef9b9c02c60061748c94da5 Mon Sep 17 00:00:00 2001
From: Dave Henderson <dhenderson@gmail.com>
Date: Thu, 23 Sep 2021 20:56:56 -0400
Subject: crypto.RSAGenerateKey - Enforce key length of at least 2048 bits
 (#1214)

Signed-off-by: Dave Henderson <dhenderson@gmail.com>
---
 docs-src/content/functions/crypto.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'docs-src')

diff --git a/docs-src/content/functions/crypto.yml b/docs-src/content/functions/crypto.yml
index 1602b5d9..de64a8d8 100644
--- a/docs-src/content/functions/crypto.yml
+++ b/docs-src/content/functions/crypto.yml
@@ -169,13 +169,16 @@ funcs:
       Default key length is 4096 bits, which should be safe enough for most
       uses, but can be overridden with the optional `bits` parameter.
 
+      In order to protect against [CWE-326](https://cwe.mitre.org/data/definitions/326.html),
+      keys shorter than `2048` bits may not be generated.
+
       The output is a string, suitable for use with the other `crypto.RSA*`
       functions.
     pipeline: true
     arguments:
       - name: bits
         required: false
-        description: bit size of the generated key. Defaults to `4096`
+        description: Length in bits of the generated key. Must be at least `2048`. Defaults to `4096`
     examples:
       - |
         $ gomplate -i '{{ crypto.RSAGenerateKey }}'
-- 
cgit v1.2.3