from common import requires_readable_cert
from cryptography.hazmat.primitives.asymmetric import ec, rsa, dsa
@requires_readable_cert
def test_key_length(cert):
    """The key length should be for RSA-PSS and DSS minimum 3072, and for EC-DSA 256 bit.

    Reads the public key from ``cert.x509`` and asserts a minimum size
    according to the key's type. Only key type and size are inspected;
    the signature scheme or padding actually used (e.g. PSS vs. PKCS#1
    v1.5) is not checked here.
    """
    key = cert.x509.public_key()

    # RSA: modulus length in bits.
    if isinstance(key, rsa.RSAPublicKey):
        bits = key.key_size
        assert bits >= 3072, f'RSA Key not long enough: {bits}'
        return

    # EC: only the curve size is compared. Any curve of at least 256 bits
    # passes; the specific named curve is not restricted by this test.
    if isinstance(key, ec.EllipticCurvePublicKey):
        bits = key.curve.key_size
        assert bits >= 256, f'EC Key not long enough: {bits}'
        return

    # DSA: key_size is the bit length of the prime modulus p.
    # NOTE(review): the subgroup order (q) length is not verified here.
    if isinstance(key, dsa.DSAPublicKey):
        bits = key.key_size
        assert bits >= 3072, f'DSA Key not long enough: {bits}'
        return

    # Every other public-key type (e.g. Ed25519/Ed448) is rejected outright
    # rather than silently passing the length policy.
    assert False, 'Unsupported key type'