From 27a2c014f76b2b5101324a723dac091eef66938f Mon Sep 17 00:00:00 2001
From: Paul Dee <itsascambutmailmeanyway@gmail.com>
Date: Wed, 1 Mar 2023 16:27:20 +0100
Subject: [PATCH] feat: add RSA 3072 (#1856)

---
 certcrypto/crypto.go       | 3 +++
 cmd/flags.go               | 2 +-
 cmd/setup.go               | 2 ++
 docs/data/zz_cli_help.toml | 2 +-
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/certcrypto/crypto.go b/certcrypto/crypto.go
index 31e31f1d..c40bbfcc 100644
--- a/certcrypto/crypto.go
+++ b/certcrypto/crypto.go
@@ -25,6 +25,7 @@ const (
 	EC256   = KeyType("P256")
 	EC384   = KeyType("P384")
 	RSA2048 = KeyType("2048")
+	RSA3072 = KeyType("3072")
 	RSA4096 = KeyType("4096")
 	RSA8192 = KeyType("8192")
 )
@@ -121,6 +122,8 @@ func GeneratePrivateKey(keyType KeyType) (crypto.PrivateKey, error) {
 		return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	case RSA2048:
 		return rsa.GenerateKey(rand.Reader, 2048)
+	case RSA3072:
+		return rsa.GenerateKey(rand.Reader, 3072)
 	case RSA4096:
 		return rsa.GenerateKey(rand.Reader, 4096)
 	case RSA8192:
diff --git a/cmd/flags.go b/cmd/flags.go
index 902d3526..2cf1182d 100644
--- a/cmd/flags.go
+++ b/cmd/flags.go
@@ -50,7 +50,7 @@ func CreateFlags(defaultPath string) []cli.Flag {
 			Name:    "key-type",
 			Aliases: []string{"k"},
 			Value:   "ec256",
-			Usage:   "Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384.",
+			Usage:   "Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384.",
 		},
 		&cli.StringFlag{
 			Name:  "filename",
diff --git a/cmd/setup.go b/cmd/setup.go
index b21b6d53..e07a8780 100644
--- a/cmd/setup.go
+++ b/cmd/setup.go
@@ -65,6 +65,8 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType {
 	switch strings.ToUpper(keyType) {
 	case "RSA2048":
 		return certcrypto.RSA2048
+	case "RSA3072":
+		return certcrypto.RSA3072
 	case "RSA4096":
 		return certcrypto.RSA4096
 	case "RSA8192":
diff --git a/docs/data/zz_cli_help.toml b/docs/data/zz_cli_help.toml
index 712c6622..359ca373 100644
--- a/docs/data/zz_cli_help.toml
+++ b/docs/data/zz_cli_help.toml
@@ -38,7 +38,7 @@ GLOBAL OPTIONS:
    --http.port value                                            Set the port and interface to use for HTTP based challenges to listen on.Supported: interface:port or :port. (default: ":80")
    --http.proxy-header value                                    Validate against this HTTP header when solving HTTP based challenges behind a reverse proxy. (default: "Host")
    --http.webroot value                                         Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge
-   --key-type value, -k value                                   Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
+   --key-type value, -k value                                   Key type to use for private keys. Supported: rsa2048, rsa3072, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
    --kid value                                                  Key identifier from External CA. Used for External Account Binding.
    --path value                                                 Directory to use for storing the data. (default: "./.lego") [$LEGO_PATH]
    --pem                                                        Generate a .pem file by concatenating the .key and .crt files together. (default: false)