From cdbd700c2ea1d2ece6f6774b0515eef87c84e192 Mon Sep 17 00:00:00 2001
From: ComputerTech <computertech312@gmail.com>
Date: Sat, 28 Mar 2026 01:15:14 +0000
Subject: [PATCH] Allow configuring paste ID and encryption key lengths in
 config.json

---
 app.py                    | 1 +
 config.json               | 1 +
 static/js/crypto.js       | 6 +++---
 static/js/paste_create.js | 3 ++-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/app.py b/app.py
index 2e55c93..3a7c677 100644
--- a/app.py
+++ b/app.py
@@ -390,6 +390,7 @@ def get_client_config():
             'default_expiry':       _pastes.get('default_expiry', 'never'),
             'allow_expiry_options': _pastes.get('allow_expiry_options', []),
             'expiry_labels':        _pastes.get('expiry_labels', {}),
+            'encryption_key_bits':   _pastes.get('encryption_key_bits', 128),
         },
     })
 
diff --git a/config.json b/config.json
index 2eb4d75..e5dba86 100644
--- a/config.json
+++ b/config.json
@@ -23,6 +23,7 @@
   "pastes": {
     "max_size_bytes": 2097152,
     "id_length": 8,
+    "encryption_key_bits": 128,
     "recent_limit": 50,
     "default_language": "text",
     "default_expiry": "1year",
diff --git a/static/js/crypto.js b/static/js/crypto.js
index 60f8406..56fecd5 100644
--- a/static/js/crypto.js
+++ b/static/js/crypto.js
@@ -43,10 +43,10 @@ const PasteCrypto = (function () {
     }
 
     return {
-        /** Generate a new, random AES-GCM 256-bit key. */
-        async generateKey() {
+        /** Generate a new, random AES-GCM key. Default to 128-bit if not specified. */
+        async generateKey(length = 128) {
             return window.crypto.subtle.generateKey(
-                { name: 'AES-GCM', length: 128 },
+                { name: 'AES-GCM', length: length },
                 true,
                 ['encrypt', 'decrypt']
             );
diff --git a/static/js/paste_create.js b/static/js/paste_create.js
index aca2348..8031414 100644
--- a/static/js/paste_create.js
+++ b/static/js/paste_create.js
@@ -89,7 +89,8 @@ document.addEventListener('DOMContentLoaded', function () {
         try {
             let postBody, keyBase64 = null;
             if (E2E) {
-                const key = await PasteCrypto.generateKey();
+                const keyLen = window.PBCFG?.pastes?.encryption_key_bits ?? 128;
+                const key = await PasteCrypto.generateKey(keyLen);
                 keyBase64 = await PasteCrypto.exportKey(key);
                 const plain = JSON.stringify({ title, content, language });
                 postBody = { encrypted_data: await PasteCrypto.encrypt(plain, key), expires_in };