Warn about short RSA/DSA keys in PuTTYgen.

It's only a warning; Windows PuTTYgen puts it up as a message box, and will still generate the key if you click yes, and Unix PuTTYgen just prints the warning and gets on with generation anyway. But it might help encourage people to move away from 1024-bit keys, if they're still using them.
2025-07-01 11:32:48 -05:00 · 2016-04-02 08:00:37 +01:00
parent b0b5d5fbe6
commit 57477cb7ca
2 changed files with 21 additions and 2 deletions
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@ -1115,6 +1115,7 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
                } else if (IsDlgButtonChecked(hwnd, IDC_KEYSSH2ED25519)) {
                    state->keytype = ED25519;
                }
+
 		if ((state->keytype == RSA || state->keytype == DSA) &&
                    state->key_bits < 256) {
                    char *message = dupprintf
@ -1128,7 +1129,18 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 			break;
 		    state->key_bits = DEFAULT_KEY_BITS;
 		    SetDlgItemInt(hwnd, IDC_BITS, DEFAULT_KEY_BITS, FALSE);
-		}
+		} else if ((state->keytype == RSA || state->keytype == DSA) &&
+                           state->key_bits < DEFAULT_KEY_BITS) {
+                    char *message = dupprintf
+                        ("Keys shorter than %d bits are not recommended. "
+                         "Really generate this key?", DEFAULT_KEY_BITS);
+		    int ret = MessageBox(hwnd, message, "PuTTYgen Warning",
+					 MB_ICONWARNING | MB_OKCANCEL);
+                    sfree(message);
+		    if (ret != IDOK)
+			break;
+                }
+
 		ui_set_state(hwnd, state, 1);
 		SetDlgItemText(hwnd, IDC_GENERATING, entropy_msg);
 		state->key_exists = FALSE;