fix(#288): Upgrade RSA key size to 4096 bits

Changed modulusLength from 2048 to 4096 in generateKeypair() method following NIST recommendations for long-term security. Added test to verify generated keys meet the minimum size requirement. Security improvement: RSA-4096 provides better protection against future cryptographic attacks as computational power increases. Fixes #288 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 21:33:57 -06:00
parent aabf97fe4e
commit ecb33a17fe
2 changed files with 14 additions and 1 deletions
--- a/apps/api/src/federation/federation.service.ts
+++ b/apps/api/src/federation/federation.service.ts
@@ -57,10 +57,11 @@ export class FederationService {

  /**
   * Generate a new RSA key pair for instance signing
+   * Uses RSA-4096 for future-proof security (NIST recommendation)
   */
  generateKeypair(): KeyPair {
    const { publicKey, privateKey } = generateKeyPairSync("rsa", {
-      modulusLength: 2048,
+      modulusLength: 4096,
      publicKeyEncoding: {
        type: "spki",
        format: "pem",