Generate RSA keys

[kpcyrd]

I'm personally not that keen about RSA, but SAML explicitly requires RSA or DSA.

With the recent rcgen 0.13.0 release it's possible to select a SignatureAlgorithm (yey!) and I was hoping I could now generate RSA keys too, but this is currently not supported, since it's not implemented in ring.

// This currently fails
let keypair = KeyPair::generate_for(&PKCS_RSA_SHA256)?;

Opening this issue to request this feature, but I also understand if this doesn't have priority. :)

Also note with this api design it's not clear if a 2048bit or 4096bit RSA key should be generated.

Thanks!

[cpu]

👋 hey kpcyrd,

I'm on mobile so my answer isn't as detailed as it should be. RSA key generation is supported w/ the aws-lc-rs backend, but might need better documentation/discoverability. There's an example in the Rustls repo using rcgen to create RSA 2048, 3072 and 4096 key pairs as a ref. point: https://github.com/rustls/rustls/blob/main/rustls/examples/internal/test_ca.rs

[kpcyrd]

Got it to work, thank you very much! :)