XWIKI-19676: Update the RSA Crypto script service to use SHA256 instead of SHA1 for certificate signature
aubincleme committed Apr 30, 2022
1 parent 3b871d9 commit 26728f3
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -86,7 +86,7 @@ public class RSACryptoScriptService implements ScriptService
private KeyPairGenerator keyPairGenerator;

@Inject
@Named("SHA1withRSAEncryption")
@Named("SHA256withRSAEncryption")

surli May 2, 2022

Member

I don't know this class much, but is that OK in terms of backward compatibility? If you have some signed stuff in the wiki with that script service, will it still be able to verify the signature?

aubincleme May 2, 2022

Author Member

Yes, to me it is fine: the SignerFactory is only used to sign certificates, not verify them. For this the CMSSignedDataVerifier is used instead, which is able to verify signatures based on the different algorithms supported by the crypto API.

tmortagne May 2, 2022

Member

In that case, I'm wondering if this should be cherry-picked in 13.10.x. WDYT @aubincleme ?

aubincleme May 2, 2022

Author Member

Yes, why not; doing it now

aubincleme May 2, 2022

Author Member

Done as part of a7c3628; updating issue + release notes

private SignerFactory signerFactory;

@Inject
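
Review bot: No test accompanies the switch of the `signerFactory` hint to `SHA256withRSAEncryption` (the commit shows 1 changed file with 1 addition and 1 deletion), so nothing in this change checks that certificates issued through `RSACryptoScriptService` now carry a SHA-256 based signature, or that material signed before the change still verifies. Consider adding a test that issues a certificate through the service and asserts on its signature algorithm, plus one that verifies a fixture signed with the previous `SHA1withRSAEncryption` signer, so the backward-compatibility answer given in the thread is enforced by the build. A one-line comment on the field stating why the SHA-1 hint was replaced would also help whoever next edits this string.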