Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt PEM files with AES #50843

Closed
ckauf opened this issue Jan 10, 2020 · 2 comments · Fixed by #51019
Closed

Encrypt PEM files with AES #50843

ckauf opened this issue Jan 10, 2020 · 2 comments · Fixed by #51019
Assignees
@ywangd
Labels
>enhancement :Security/TLS SSL/TLS, Certificates

Comments

@ckauf
Copy link
Contributor

ckauf commented Jan 10, 2020
edited by jkakavas
Loading

elasticsearch-certutil uses DES-EDE3-CBC for encrypting private keys when writing them to PEM files.

It should be considered to move to an AES based one.
@jkakavas jkakavas changed the title CertificateGenerateTool.class uses DES-EDE3-CBC Encrypt PEM files with AES Jan 10, 2020
@jkakavas jkakavas added :Security/TLS SSL/TLS, Certificates >enhancement labels Jan 10, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Network)

@tvernum
Copy link
Contributor

tvernum commented Jan 13, 2020

See: CertificateTool.getEncrypter

ywangd added a commit to ywangd/elasticsearch that referenced this issue Jan 15, 2020
@ywangd
Encrypt generated cert with AES
8214f91 
Replace DES with AES to align with modern encryption standards

Resolves: elastic#50843
@ywangd ywangd mentioned this issue Jan 15, 2020
Merged
ywangd added a commit that referenced this issue Jan 15, 2020
@ywangd
Encrypt generated key with AES (#51019)
755c3fd 
Replace DES with AES to align with modern encryption standards

Resolves: #50843
ywangd added a commit to ywangd/elasticsearch that referenced this issue Jan 15, 2020
@ywangd
Encrypt generated key with AES (elastic#51019)
2f2aac4 
Replace DES with AES to align with modern encryption standards

Resolves: elastic#50843
@ywangd ywangd mentioned this issue Jan 15, 2020
Merged
ywangd added a commit that referenced this issue Jan 16, 2020
@ywangd
Encrypt generated key with AES (#51019) (#51076)
c1a6d5d 
Replace DES with AES to align with modern encryption standards
Backport also fixs Files.readString API that is not available in Java 8

Resolves: #50843
SivagurunathanV pushed a commit to SivagurunathanV/elasticsearch that referenced this issue Jan 23, 2020
@ywangd @SivagurunathanV
Encrypt generated key with AES (elastic#51019)
9dde43c 
Replace DES with AES to align with modern encryption standards

Resolves: elastic#50843
@codebrain codebrain mentioned this issue Apr 1, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ywangd ywangd

Labels
>enhancement :Security/TLS SSL/TLS, Certificates
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Encrypt generated key with AES ywangd/elasticsearch
5 participants
@tvernum @ywangd @jkakavas @ckauf @elasticmachine