docs: add link to NIST docs explaining RSA key size and fix typos

Author: mattsb42-aws

examples/src/keyring/multi/aws_kms_with_escrow.py

@@ -49,6 +49,9 @@ def run(aws_kms_cmk, source_plaintext):
     # Generate an RSA private key to use with your keyring.
     # In practice, you should get this key from a secure key management system such as an HSM.
     #
+    # The National Institute of Standards and Technology (NIST) recommends a minimum of 2048-bit keys for RSA.
+    # https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths
+    #
     # Why did we use this public exponent?
     # https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf
     private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096, backend=default_backend())

examples/src/keyring/raw_rsa/private_key_only.py

@@ -37,6 +37,9 @@ def run(source_plaintext):
     # Generate an RSA private key to use with your keyring.
     # In practice, you should get this key from a secure key management system such as an HSM.
     #
+    # The National Institute of Standards and Technology (NIST) recommends a minimum of 2048-bit keys for RSA.
+    # https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths
+    #
     # Why did we use this public exponent?
     # https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf
     private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096, backend=default_backend())

examples/src/keyring/raw_rsa/private_key_only_from_pem.py

@@ -40,6 +40,9 @@ def run(source_plaintext):
     # Generate an RSA private key to use with your keyring.
     # In practice, you should get this key from a secure key management system such as an HSM.
     #
+    # The National Institute of Standards and Technology (NIST) recommends a minimum of 2048-bit keys for RSA.
+    # https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths
+    #
     # Why did we use this public exponent?
     # https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf
     private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096, backend=default_backend())

examples/src/keyring/raw_rsa/public_private_key_separate.py

@@ -3,7 +3,7 @@
 """
 One of the benefits of asymmetric encryption
 is that you can encrypt with just the public key.
-This means that you give someone the ability to encrypt
+This means that you can give someone the ability to encrypt
 without giving them the ability to decrypt.
 
 The raw RSA keyring supports encrypt-only operations
@@ -47,6 +47,9 @@ def run(source_plaintext):
     # Generate an RSA private key to use with your keyring.
     # In practice, you should get this key from a secure key management system such as an HSM.
     #
+    # The National Institute of Standards and Technology (NIST) recommends a minimum of 2048-bit keys for RSA.
+    # https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths
+    #
     # Why did we use this public exponent?
     # https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf
     private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096, backend=default_backend())
@@ -103,7 +106,7 @@ def run(source_plaintext):
         pass
     else:
         # Show that the public keyring could not decrypt.
-        raise AssertionError("This will never happen!")
+        raise AssertionError("The public key can never decrypt!")
 
     # Decrypt your encrypted data using the decrypt keyring.
     #