[WIP] remove SHA-1 from cryptotool

Needs a similar change in aaa-jdbc
oVirt · Nov 27, 2023 · 5026d31 · 5026d31
1 parent f62a440
commit 5026d31
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/...ules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java b/...ules/uutils/src/main/java/org/ovirt/engine/core/uutils/crypto/EnvelopeEncryptDecrypt.java
@@ -26,7 +26,7 @@ public class EnvelopeEncryptDecrypt {
 
     private static final String ARTIFACT = "EnvelopeEncryptDecrypt";
     private static final String VERSION = "1";
-    private static final String PUBKEY_DIGEST_ALGO = "SHA-1";
+    private static final String PUBKEY_DIGEST_ALGO = "SHA-256";
     private static final String PKEY_MODE_PADDING = "ECB/PKCS1Padding";
 
     private static final String CONTENT_KEY = "content";

diff --git a/...ger/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java b/...ger/modules/uutils/src/test/java/org/ovirt/engine/core/uutils/crypto/EnvelopePBETest.java
@@ -20,7 +20,7 @@ public void test1() throws Exception {
             byte[] r = new byte[i];
             random.nextBytes(r);
             String password = new Base64(0).encodeToString(r);
-            String encoded = EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password);
+            String encoded = EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password);
             assertTrue(
                 EnvelopePBE.check(
                     encoded,
@@ -57,7 +57,7 @@ public void test2() throws Exception {
     public void test3() throws Exception {
         String password = "password";
 
-        assertNotEquals(EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password),
-                EnvelopePBE.encode("PBKDF2WithHmacSHA1", 256, 4000, null, password));
+        assertNotEquals(EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password),
+                EnvelopePBE.encode("PBEWithHmacSHA512AndAES_256", 256, 4000, null, password));
     }
 }
diff --git a/...nd/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties b/...nd/manager/tools/src/main/resources/org/ovirt/engine/core/cryptotool/arguments.properties
@@ -124,7 +124,7 @@ Password can be specified in one of the following format:\n\
 \  file:FILE - provide a password as 1st line of FILE.
 pbe-encode.arg.algorithm.name = algorithm
 pbe-encode.arg.algorithm.type = required_argument
-pbe-encode.arg.algorithm.default = PBKDF2WithHmacSHA1
+pbe-encode.arg.algorithm.default = PBEWithHmacSHA512AndAES_256
 pbe-encode.arg.algorithm.metavar = ALGORITHM
 pbe-encode.arg.algorithm.help = PBE algorithm, default: @CLI_PRM_DEFAULT@
 pbe-encode.arg.key-size.name = key-size