  1. EJBCA
  2. ECA-7853

Change default digest alg of CMP request and response messages to SHA256

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.1.0
    • Component/s: None
    • Labels:
      None
    • Provenance:
      Internal Delivery
    • Issue discovered during:
      Community
    • Sprint:
      EJBCA Team Bob - 2019 w10, EJBCA Team Bob - 2019 w13

      Description

      Using CMP, a signed CMP response will use the same algorithm (i.e. SHA256WithRSA) as the client request. It defaults to SHA1 though, which is outdated. Change defaults to SHA256.

      Note: note this in the upgrade guide clearly.

      Probably some JUnit tests will have to be updated.

      Only a few places to change, for example:

      • CrmfRequestMessage.preferredDigestAlg
      • CmpResponseMessage.digest

       Also see AlgorithmToolsTest.testGetAlgorithmNameFromDigestAndKey, change default returned alg to be SHA256WithRSA.

       

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Ulf Undmark
              • Votes:
                0
                Watchers:
                2

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 hours
                  Remaining:
                  Remaining Estimate - 0 minutes
                  Logged:
                  Time Spent - 3 hours