diff --git a/cmdgen.c b/cmdgen.c
index 94ce49ea..265e5adc 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -223,6 +223,8 @@ static char *readpassphrase(const char *filename)
 return line;
 }
 
+#define DEFAULT_RSADSA_BITS 2048
+
 int main(int argc, char **argv)
 {
 char *infile = NULL;
@@ -500,7 +502,7 @@ int main(int argc, char **argv)
 bits = 256;
 break;
 default:
-bits = 2048;
+bits = DEFAULT_RSADSA_BITS;
 break;
 }
 }
@@ -520,6 +522,11 @@ int main(int argc, char **argv)
 fprintf(stderr, "puttygen: cannot generate %s keys shorter than"
 " 256 bits\n", (keytype == DSA ? "DSA" : "RSA"));
 errs = TRUE;
+} else if (bits < DEFAULT_RSADSA_BITS) {
+fprintf(stderr, "puttygen: warning: %s keys shorter than"
+" %d bits are probably not secure\n",
+(keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS);
+/* but this is just a warning, so proceed anyway */
 }
 }
 
diff --git a/windows/winpgen.c b/windows/winpgen.c
index c4f3d57f..277c0914 100644
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@@ -1115,6 +1115,7 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 } else if (IsDlgButtonChecked(hwnd, IDC_KEYSSH2ED25519)) {
 state->keytype = ED25519;
 }
+
 if ((state->keytype == RSA || state->keytype == DSA) &&
 state->key_bits < 256) {
 char *message = dupprintf
@@ -1128,7 +1129,18 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 break;
 state->key_bits = DEFAULT_KEY_BITS;
 SetDlgItemInt(hwnd, IDC_BITS, DEFAULT_KEY_BITS, FALSE);
-}
+} else if ((state->keytype == RSA || state->keytype == DSA) &&
+state->key_bits < DEFAULT_KEY_BITS) {
+char *message = dupprintf
+("Keys shorter than %d bits are not recommended. "
+"Really generate this key?", DEFAULT_KEY_BITS);
+int ret = MessageBox(hwnd, message, "PuTTYgen Warning",
+MB_ICONWARNING | MB_OKCANCEL);
+sfree(message);
+if (ret != IDOK)
+break;
+}
+
 ui_set_state(hwnd, state, 1);
 SetDlgItemText(hwnd, IDC_GENERATING, entropy_msg);
 state->key_exists = FALSE;
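Review bot: `#define DEFAULT_RSADSA_BITS 2048` in cmdgen.c introduces a second, file-private copy of the threshold that the windows/winpgen.c hunks in this same commit compare against as `DEFAULT_KEY_BITS`, so the CLI and the GUI now each carry their own idea of the minimum recommended RSA/DSA size and the two can drift apart on a later bump. Where `DEFAULT_KEY_BITS` is defined is not visible here; if it lives in a shared header, cmdgen.c should use that name, and if it is local to winpgen.c, one constant should be hoisted to a header both files include so the warning threshold and the generation default are changed in exactly one place. A one-line comment on the define stating that it is both the default size and the warning threshold would also help, e.g. `/* default RSA/DSA size; also the floor below which we warn */`. main() starts inside this hunk and runs past it.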
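Review bot: The new `else if (bits < DEFAULT_RSADSA_BITS)` branch gives DSA users the same "probably not secure" message as RSA users, but the implied remedy — generate a larger DSA key — is questionable: if this still targets the ssh-dss key type as commonly deployed, peers are tied to 1024-bit DSA with SHA-1, so a 2048-bit DSA key may simply fail to interoperate while the real fix is a different key type (to be confirmed against the key formats this tool emits). Consider special-casing the DSA text, e.g. `"puttygen: warning: DSA keys larger than 1024 bits may not be accepted by peers; prefer RSA, ECDSA or Ed25519\n"`, and leaving the 2048-bit advice to RSA only. The warning is emitted on stderr with the exit status unchanged, so scripted callers get no signal; if that is deliberate it is worth saying so in the comment on the branch. The enclosing main() starts and ends outside this hunk.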
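Review bot: The new confirmation dialog makes OK the default button — `MessageBox(hwnd, message, "PuTTYgen Warning", MB_ICONWARNING | MB_OKCANCEL)` with no `MB_DEFBUTTONn` flag selects the first button — so a user who presses Enter or Space out of habit generates the weak key; for a "really do the unsafe thing?" prompt the safe choice should be the default: `MB_ICONWARNING | MB_OKCANCEL | MB_DEFBUTTON2);`. Treating any return other than IDOK (including the 0 that MessageBox returns on failure) as cancel is the right direction and should stay as written. Unlike the `< 256` branch just above it, which resets `state->key_bits` to `DEFAULT_KEY_BITS`, this branch leaves the typed size in place, presumably because the user explicitly accepted it — a short comment such as `/* user confirmed; keep the requested size */` would make that asymmetry intentional rather than accidental. MainDlgProc starts and ends outside this hunk.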