// with a key smaller than 1024 bits. Such keys are insecure and should not be
// used.
//
-// The `rsa1024min=0` GODEBUG setting suppresses this error, but we recommend
-// doing so only in tests, if necessary. Tests can use [testing.T.Setenv] or
-// include `//go:debug rsa1024min=0` in a `_test.go` source file to set it.
+// The rsa1024min=0 GODEBUG setting suppresses this error, but we recommend
+// doing so only in tests, if necessary. Tests can set this option using
+// [testing.T.Setenv] or by including "//go:debug rsa1024min=0" in a *_test.go
+// source file.
//
// Alternatively, see the [GenerateKey (TestKey)] example for a pregenerated
// test-only 2048-bit key.
//
-// [GenerateKey (TestKey)]: #example-GenerateKey-TestKey
+// [GenerateKey (TestKey)]: https://pkg.go.dev/crypto/rsa#example-GenerateKey-TestKey
package rsa
import (
// Validate performs basic sanity checks on the key.
// It returns nil if the key is valid, or else an error describing a problem.
//
-// It runs faster on valid keys if run after [Precompute].
+// It runs faster on valid keys if run after [PrivateKey.Precompute].
func (priv *PrivateKey) Validate() error {
// We can operate on keys based on d alone, but it isn't possible to encode
// with [crypto/x509.MarshalPKCS1PrivateKey], which unfortunately doesn't
// returned key does not depend deterministically on the bytes read from rand,
// and may change between calls and/or between versions.
//
-// [Minimum key size]: #hdr-Minimum_key_size
+// [Minimum key size]: https://pkg.go.dev/crypto/rsa#hdr-Minimum_key_size
func GenerateKey(random io.Reader, bits int) (*PrivateKey, error) {
if err := checkKeySize(bits); err != nil {
return nil, err