Forbid v1 & v2 convergent keys in Transit #85
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Lgtm 👍
This prohibits the usage of the nonce field entirely, removing it as an API option from Transit. Similarly in the keysutil backend, v1 & v2 keys are forbidden.

Because this completely removes nonce from the APIs, this results in OpenBao issuing a warning about the unknown parameter via the CLI, but does not fail requests. A nil value for nonce will be passed into the SDK, which will then generate a fresh value (for encryption) or use the value inferred from the ciphertext (for decryption).

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Looks good. Curious, what makes it so v1 and v2 convergent keys aren't safe but v3 is? The fact that nonces aren't under user control?
Correct. Check this out for details: https://cryptopals.com/sets/8/challenges/63.txt
This prohibits the usage of the nonce field entirely, removing it as an API option from Transit. Similarly in the keysutil backend, v1 & v2 keys are forbidden.
Because this completely removes nonce from the APIs, this results in OpenBao issuing a warning about the unknown parameter via the CLI, but does not fail requests. A nil value for nonce will be passed into the SDK, which will then generate a fresh value (for encryption) or use the value inferred from the ciphertext (for decryption).
Resolves: #37