Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #10543 from vlsi/sign_hash
signing plugin: use SHA512 instead of SHA1 when signing artifacts
  • Loading branch information
JLLeitschuh committed Sep 16, 2019
2 parents 0e1db72 + f50bb25 commit 425b2b7
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -104,7 +104,7 @@ private void writeSignatureTo(OutputStream signatureDestination, PGPSignature pg

public PGPSignatureGenerator createSignatureGenerator() {
try {
PGPSignatureGenerator generator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1));
PGPSignatureGenerator generator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA512));
generator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
return generator;
} catch (PGPException e) {
Expand Down

0 comments on commit 425b2b7

Please sign in to comment.