add -b|--bits flag to ssh-key

do butterflies cry? 2026-01-21 15:36:42 +10:00
parent f9d0b56f97
commit 8004efa606


@ -34,6 +34,7 @@ ${BOLD}${UNDERLINE}${RED}Options${RESET}
# ==== Argument Values ==== # ==== Argument Values ====
TYPE='rsa' TYPE='rsa'
ROUNDS='100' ROUNDS='100'
BITS=''
COMMENT='' COMMENT=''
OUT='' OUT=''
NOPASSWD=false NOPASSWD=false
@ -63,6 +64,10 @@ while [[ $# -gt 0 ]]; do
shift shift
ROUNDS="$1"; shift ROUNDS="$1"; shift
;; ;;
-b|--bits)
shift
BITS="$1"; shift
;;
-N|--nopasswd) -N|--nopasswd)
shift shift
NOPASSWD=true NOPASSWD=true
@ -88,9 +93,29 @@ fi
case "$TYPE" in case "$TYPE" in
ed25519) ed25519)
# NOTE: the value of BITS does not matter for Ed25519
# NOTE: as it operates on a fixed size elliptic curve
if [[ -n "$BITS" ]]; then
BITS='256'
fi
;; ;;
rsa) rsa)
EXTRA="$EXTRA -b 4096" if [[ -n "$BITS" ]]; then
BITS='4096'
else
case "$BITS" in
2048)
echo -e "${BOLD}${UNDERLINE}${YELLOW}WARNING${RESET}${BOLD}: Although ${MAGENTA}2048-bit RSA keys${YELLOW} are considered secure,${RESET}" >&2
echo -e "${BOLD}${UNDERLINE}${YELLOW}WARNING${RESET}${BOLD}: it is the growing opinion that these will not be soon.${RESET}" >&2
echo -e "${BOLD}${UNDERLINE}${YELLOW}WARNING${RESET}${BOLD}: ${GREEN}Consider using a minimum of ${MAGENTA}3072-bit${YELLOW}, or ideally ${MAGENTA}4096-bit.${RESET}" >&2
;;
3072|4096|8192) true
;;
*)
throw-badval 1 "$BITS" '-b|--bits'
;;
esac
fi
;; ;;
*) *)
throw-badval 1 "$TYPE" '-t|--type' throw-badval 1 "$TYPE" '-t|--type'
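Review bot: Both `if [[ -n "$BITS" ]]; then` tests in the `ed25519)` and `rsa)` arms look inverted. As written, a size given with `-b` is silently overwritten by the default (`256` / `4096`), while an empty `BITS` falls through to `case "$BITS"` and lands in the `*)` arm that calls `throw-badval`. The 2048-bit warning and the `3072|4096|8192` allow-list are therefore never reached with a real value, and a plain RSA invocation without `-b` presumably fails. The test should be `if [[ -z "$BITS" ]]; then` in both arms. Separately, the removed `EXTRA="$EXTRA -b 4096"` has no visible replacement; the `case "$TYPE"` block continues outside this hunk, so confirm that `-b "$BITS"` actually reaches ssh-keygen, otherwise RSA keys fall back to the tool's default size instead of 4096.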