Update defaults rsa client key size (#226)

* codecov-test-p1

* update-key-size to match CISA recomendations

* add okta link and remove coveralls badge/link

.github/workflows/codecov.yml

@@ -10,8 +10,8 @@ on:
     - cron: '17 11 * * 2'
 
 jobs:
-  analyze:
-    name: Analyze
+  analyzecover:
+    name: Analyzecover
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -25,11 +25,19 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
-steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-   - name: Upload coverage reports to Codecov
-      uses: codecov/[email protected]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: 'stable'
+      - name: Gather dependencies
+        run: go mod download
+      - name: Run coverage
+        # disable race condition test for now as it breaks because of the rrdialer
+        #run: go test -race -coverprofile=coverage.txt -covermode=atomic ./...
+        run: go test  -coverprofile=coverage.txt -covermode=atomic ./...
+      - name: Upload coverage reports to Codecov
+        uses: codecov/[email protected]
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

README.md

@@ -1,9 +1,8 @@
 # Keymaster
 
 [![Build Status](https://github.com/Cloud-Foundations/keymaster/actions/workflows/test.yml/badge.svg?query=branch%3Amaster)](https://github.com/Cloud-Foundations/keymaster/actions/workflows/test.yml?query=branch%3Amaster)
-[![Coverage Status](https://coveralls.io/repos/github/Cloud-Foundations/keymaster/badge.svg?branch=master)](https://coveralls.io/github/Cloud-Foundations/keymaster?branch=master)
 
-Keymaster is usable short-term certificate based identity system. With a primary goal to be a single-sign-on (with optional second factor with [Symantec VIP](https://vip.symantec.com/), [U2F](https://fidoalliance.org/specifications/overview/) tokens or [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) compatible apps ([FreeOTP](https://freeotp.github.io/)/google authenticator ) ) for CLI operations (both SSHD and TLS).
+Keymaster is usable short-term certificate based identity system. With a primary goal to be a single-sign-on (with optional second factor with [Symantec VIP](https://vip.symantec.com/), [U2F](https://fidoalliance.org/specifications/overview/) tokens, [OKTA](https://developer.okta.com/docs/reference/api/authn/)  (requires using also using OKTA for password), or [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) compatible apps ([FreeOTP](https://freeotp.github.io/)/google authenticator ) ) for CLI operations (both SSHD and TLS).
 
 As a secondary role keymaster is compliant openidc provider intended for easy use for internal web based applications.
 
@@ -39,7 +38,7 @@ In addition for linux you will also need:
 * pkg-config
 * libudev-dev
 
-For Windows (both gcc and gnu-make) use: [TDM-GCC (64 bit)](https://sourceforge.net/projects/tdm-gcc/). Recent windows builds fail  when using TDM-GCC 5.x. Successful builds are known with golang 1.16.X and gcc 10.X.
+For Windows (both gcc and gnu-make) use: [TDM-GCC (64 bit)](https://sourceforge.net/projects/tdm-gcc/). Recent windows builds fail  when using TDM-GCC 5.x. Successful builds are known with golang 1.21.X and gcc 10.X.
 
 #### Building
 1. make get-deps

cmd/keymaster/main.go

@@ -182,7 +182,7 @@ func backgroundConnectToAnyKeymasterServer(targetUrls []string, client *http.Cli
 	return fmt.Errorf("Cannot connect to any keymaster Server")
 }
 
-const rsaKeySize = 2048
+const rsaKeySize = 3072
 
 func generateAwsRoleCert(homeDir string,
 	configContents config.AppConfigFile,