SHA1 is broken

[BloggerBust]

According the the README passport-saml-encrypted uses RSA-SHA1 to encrypt SAML. Since SHA1 has been broken for quite some time now https://www.schneier.com/blog/archives/2005/02/sha1_broken.html. Are there plans to update the code to use a hash algorithm from SHA2?

[lmarkus]

That's just for signing, not for the actual encryption of the assertion.

The provider is the one that decides the encryption scheme.
See https://github.com/lmarkus/passport-saml-encrypted/blob/master/lib/decryptSAML.js#L41-L50

[BloggerBust]

Thank you for the quick response. That makes sense, but in the readme there seems to be a contradiction.

Authentication requests sent by Passport-SAML can be signed using RSA-SHA1. To sign them you need to provide a private key in the PEM format via the privateCert configuration key. For example:

privateCert: fs.readFileSync('./cert.pem', 'utf-8')

Then a little farther down in the readme:

If the response is encrypted, you need to supply your public key to the SAML provider, and use your private key to decrypt the response. This is specified as:

 privateCert: fs.readFileSync('path/to/privkey.pem', 'utf-8')

The property privateCert seems to be used for both signing and decrypting? This is the root of my confusion. If the first statement is true then the private key being used to decrypt the SAML must be using SHA1. Rereading it now though I think that there must be a mistake in the readme? The property can't be used to both sign the SAML requests and decrypt the SAML responses, can it? If it is then doesn't that mean that the SAML is encrypted using SHA1?