Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(AWSIoT): Use SHA256 digest for createKeysAndCertificateFromCsr #3345

Merged
merged 2 commits into from
Dec 23, 2020
Merged

feat(AWSIoT): Use SHA256 digest for createKeysAndCertificateFromCsr #3345

merged 2 commits into from
Dec 23, 2020

Conversation

palpatim
Copy link
Member

Issue #, if available: #3304

Description of changes:

  • Updated to use SHA256
  • Confirmed with IoT team that even if the client uses SHA1 to sign the Certificate Signing Request, the IoT service generates a certificate signed with an appropriate strong hashing algorithm.
  • Tested locally and confirmed that the certificates resulting from the changed code are signed with sha256WithRSAEncryption

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

drochetti
drochetti approved these changes Dec 23, 2020
View reviewed changes
AWSIoT/Internal/AWSIoTCSR.m
Comment on lines +90 to +101
// DER encoded value of digest algorithm sha256WithRSAEncryption
// http://oid-info.com/get/1.2.840.113549.1.1.11
// Structure:
// 0x30 DER SEQUENCE type
// 0x0D - Length 13
// 0x06 DER OBJECT IDENTIFIER type
// (https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-object-identifier)
// 0x09 - Length 9
// 0x2A...0x0B - Encoded value of OID 1.2.840.113549.1.1.11
// 0x05 DER NULL type
// 0x00 - Length 0
unsigned char tag[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks this!

@palpatim palpatim mentioned this pull request Dec 23, 2020
Closed
@palpatim palpatim changed the base branch from main to develop December 23, 2020 21:53
@palpatim palpatim merged commit bd40b9d into develop Dec 23, 2020
@palpatim palpatim deleted the palpatim.feat.iot-csr-sha2 branch December 23, 2020 22:21
gabek pushed a commit to KeepSafe/aws-sdk-ios that referenced this pull request Aug 31, 2023
@palpatim @gabek
feat(AWSIoT): Use SHA256 digest for createKeysAndCertificateFromCsr (a…
c1698aa 
…ws-amplify#3345)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drochetti drochetti drochetti approved these changes

@royjit royjit royjit approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@palpatim @drochetti @royjit