rspec/rules/S4426/python/how-to-fix-it/pyca.adoc

== How to fix it in pyca

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

include::../../common/fix/rsa.adoc[]

[source,python,diff-id=1,diff-type=noncompliant]
----
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = rsa.generate_private_key(key_size = 1024, backend = backend) # Noncompliant
public_key  = private_key.public_key()
----

include::../../common/fix/dsa.adoc[]

[source,python,diff-id=2,diff-type=noncompliant]
----
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = dsa.generate_private_key(key_size = 1024, backend = backend) # Noncompliant
public_key  = private_key.public_key()
----

include::../../common/fix/ec.adoc[]

[source,python,diff-id=4,diff-type=noncompliant]
----
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = ec.generate_private_key(curve=ec.SECT163R2, backend=backend)  # Noncompliant
public_key  = private_key.public_key()
----

==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = rsa.generate_private_key(key_size = 2048, backend = backend)
public_key  = private_key.public_key()
----

[source,python,diff-id=2,diff-type=compliant]
----
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = dsa.generate_private_key(key_size = 2048, backend = backend)
public_key  = private_key.public_key()
----

[source,python,diff-id=4,diff-type=compliant]
----
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.backends import default_backend

backend = default_backend()

private_key = ec.generate_private_key(curve=ec.SECT409R1, backend=backend)
public_key  = private_key.public_key()
----

=== How does this work?

include::../../common/fix/fix.adoc[]

=== Going the extra mile

include::../../common/extra-mile/pre-quantum.adoc[]