Potential fix for code scanning alert no. 2: Use of a weak cryptographic key

wardviaene · github-advanced-security[bot] · web-flow · commit 2f61277a8a13 · 2025-11-11T16:37:16.000-06:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/tls-demo/pkg/key/rsa.go b/tls-demo/pkg/key/rsa.go
@@ -10,6 +10,9 @@ import (
 )
 
 func CreateRSAPrivateKey(n int) (*rsa.PrivateKey, error) {
+	if n < 2048 {
+		return nil, fmt.Errorf("RSA key length too small: %d bits. Minimum is 2048 bits", n)
+	}
 	return rsa.GenerateKey(rand.Reader, n)
 }
 
@@ -21,6 +24,9 @@ func RSAPrivateKeyToPEM(privateKey *rsa.PrivateKey) *pem.Block {
 }
 
 func CreateRSAPrivateKeyAndSave(path string, n int) error {
+	if n < 2048 {
+		return fmt.Errorf("RSA key length too small: %d bits. Minimum is 2048 bits", n)
+	}
 	privateKey, err := CreateRSAPrivateKey(n)
 	if err != nil {
 		return err

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,9 @@ import (`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`func CreateRSAPrivateKey(n int) (*rsa.PrivateKey, error) {`
	`13`	`+ if n < 2048 {`
	`14`	`+ return nil, fmt.Errorf("RSA key length too small: %d bits. Minimum is 2048 bits", n)`
	`15`	`+ }`
`13`	`16`	`return rsa.GenerateKey(rand.Reader, n)`
`14`	`17`	`}`
`15`	`18`
`@@ -21,6 +24,9 @@ func RSAPrivateKeyToPEM(privateKey rsa.PrivateKey) pem.Block {`
`21`	`24`	`}`
`22`	`25`
`23`	`26`	`func CreateRSAPrivateKeyAndSave(path string, n int) error {`
	`27`	`+ if n < 2048 {`
	`28`	`+ return fmt.Errorf("RSA key length too small: %d bits. Minimum is 2048 bits", n)`
	`29`	`+ }`
`24`	`30`	`privateKey, err := CreateRSAPrivateKey(n)`
`25`	`31`	`if err != nil {`
`26`	`32`	`return err`