c533991519
German Federal Office for Information Security requests in its technical guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits starting 2024, in the year 2023 3000bits as a recommendation. Gitea should request longer RSA Keys by default in favor of security and drop old clients which do not support longer keys. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9 - Page 19, Table 1.2 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
48 lines
1.5 KiB
Go
48 lines
1.5 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package activitypub
|
|
|
|
import (
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/util"
|
|
)
|
|
|
|
const rsaBits = 3072
|
|
|
|
// GetKeyPair function returns a user's private and public keys
|
|
func GetKeyPair(user *user_model.User) (pub, priv string, err error) {
|
|
var settings map[string]*user_model.Setting
|
|
settings, err = user_model.GetSettings(user.ID, []string{user_model.UserActivityPubPrivPem, user_model.UserActivityPubPubPem})
|
|
if err != nil {
|
|
return pub, priv, err
|
|
} else if len(settings) == 0 {
|
|
if priv, pub, err = util.GenerateKeyPair(rsaBits); err != nil {
|
|
return pub, priv, err
|
|
}
|
|
if err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPrivPem, priv); err != nil {
|
|
return pub, priv, err
|
|
}
|
|
if err = user_model.SetUserSetting(user.ID, user_model.UserActivityPubPubPem, pub); err != nil {
|
|
return pub, priv, err
|
|
}
|
|
return pub, priv, err
|
|
} else {
|
|
priv = settings[user_model.UserActivityPubPrivPem].SettingValue
|
|
pub = settings[user_model.UserActivityPubPubPem].SettingValue
|
|
return pub, priv, err
|
|
}
|
|
}
|
|
|
|
// GetPublicKey function returns a user's public key
|
|
func GetPublicKey(user *user_model.User) (pub string, err error) {
|
|
pub, _, err = GetKeyPair(user)
|
|
return pub, err
|
|
}
|
|
|
|
// GetPrivateKey function returns a user's private key
|
|
func GetPrivateKey(user *user_model.User) (priv string, err error) {
|
|
_, priv, err = GetKeyPair(user)
|
|
return priv, err
|
|
}
|