EJBCA / ECA-8206

Use SHA256 when creating signed PKCS7 messages from X509 CAs

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.2.0
    • Component/s: None
    • Labels:
      None
    • Provenance:
      Standards Work
    • Issue discovered during:
      Community
    • Sprint:
      EJBCA Team Alice - 2019 w21

      Description

      When creating PKCS7 messages from an X509 CA, the message is still signed with SHA1, for example SHA1WithRSA. This is typically only used to deliver certificate responses in PKCS7 format instead of plain certificates. Since the certificate is signed on its own, the signature on the PKCS#7 is not a really important security aspect. But it should be changed anyhow.

      It is a one line change, and let's check the signature algorithm in the JUnit test as well.
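      A check of the kind the description asks for, as an added example (not EJBCA's own code or its JUnit test): it wraps a certificate in a signed PKCS#7 and reports whether every signer uses a SHA-256 digest. It assumes BouncyCastle (bcprov and bcpkix) on the classpath; the class name, method names and the test CA name are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;

public class Pkcs7DigestCheck {
    // Wrap a certificate in a signed PKCS#7 (CMS SignedData) using the given signature algorithm.
    static CMSSignedData wrap(String sigAlg, KeyPair kp, X509Certificate cert) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(kp.getPrivate());
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build()).build(signer, cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        byte[] der = gen.generate(new CMSAbsentContent(), false).getEncoded();
        return new CMSSignedData(der); // re-parse the DER, as a receiver would
    }

    // True only if there is at least one SignerInfo and all of them use SHA-256 as digest.
    static boolean allSignersUseSha256(CMSSignedData p7) {
        String sha256 = NISTObjectIdentifiers.id_sha256.getId();
        for (SignerInformation si : p7.getSignerInfos().getSigners()) {
            if (!sha256.equals(si.getDigestAlgOID())) return false;
        }
        return !p7.getSignerInfos().getSigners().isEmpty();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Principal dn = new X500Principal("CN=Constructed Test CA"); // constructed sample name
        Date now = new Date();
        ContentSigner certSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                        new Date(now.getTime() + 86_400_000L), dn, kp.getPublic()).build(certSigner));
        // Compare the old and the new signature algorithm named in the description.
        for (String alg : new String[] {"SHA1WithRSA", "SHA256WithRSA"}) {
            System.out.println(alg + " -> SHA-256 digest: " + allSignersUseSha256(wrap(alg, kp, cert)));
        }
    }
}
```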

            People

            Assignee:
            tomas Tomas Gustavsson
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Amin Khorsandi

                Time Tracking

                Estimated: 1h
                Remaining: 30m
                Logged: 30m