fix: warn about weak key size for OctKey and RSAKey

lepture · lepture · commit 115b5c5b3653 · 2025-07-03T10:58:00.000+09:00
diff --git a/src/joserfc/_rfc7518/oct_key.py b/src/joserfc/_rfc7518/oct_key.py
@@ -2,6 +2,7 @@
 from typing import Any
 import secrets
 import warnings
+from ..errors import SecurityWarning
 from ..util import (
     to_bytes,
     urlsafe_b64decode,
@@ -36,7 +37,7 @@ def import_from_dict(cls, value: DictKey) -> bytes:
     def import_from_bytes(cls, value: bytes, password: Any | None = None) -> bytes:
         # security check
         if value.startswith(POSSIBLE_UNSAFE_KEYS):
-            warnings.warn("This key may not be safe to import")
+            warnings.warn("This key may not be safe to import", SecurityWarning)
         return value
 
 
@@ -73,6 +74,10 @@ def generate_key(
         if key_size % 8 != 0:
             raise ValueError("Invalid bit size for oct key")
 
+        if key_size < 112:
+            # https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
+            warnings.warn("Key size should be >= 112 bits", SecurityWarning)
+
         raw_key = secrets.token_bytes(key_size // 8)
         key: OctKey = cls(raw_key, raw_key, parameters)
         if auto_kid:
diff --git a/src/joserfc/_rfc7518/rsa_key.py b/src/joserfc/_rfc7518/rsa_key.py
@@ -1,4 +1,5 @@
 from __future__ import annotations
+import warnings
 from typing import TypedDict
 from functools import cached_property
 from cryptography.hazmat.primitives.asymmetric.rsa import (
@@ -14,6 +15,7 @@
 )
 from cryptography.hazmat.backends import default_backend
 from ..registry import KeyParameter
+from ..errors import SecurityWarning
 from .._rfc7517.models import AsymmetricKey
 from .._rfc7517.pem import CryptographyBinding
 from .._rfc7517.types import KeyParameters
@@ -148,12 +150,13 @@ def generate_key(
         if key_size is None:
             key_size = 2048
 
-        if key_size < 512:
-            raise ValueError("key_size must not be less than 512")
-
         if key_size % 8 != 0:
             raise ValueError("Invalid key_size for RSAKey")
 
+        if key_size < 2048:
+            # https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
+            warnings.warn("Key size should be >= 2048 bits", SecurityWarning)
+
         raw_key = generate_private_key(
             public_exponent=65537,
             key_size=key_size,
