Posted to dev@santuario.apache.org by "WillChilds-Klein (via GitHub)" <gi...@apache.org> on 2023/02/15 17:16:26 UTC

[GitHub] [santuario-xml-security-java] WillChilds-Klein opened a new pull request, #125: Increase TestUtils RSA key size to 2048-bit

WillChilds-Klein opened a new pull request, #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125

   # Notes
   
   Some JCA providers enforce minimum key sizes for RSA. Under such providers, the prior test RSA keys (~250 bits) caused errant failures due to these checks.
   
   Commands run to generate new 2048 bit RSA key:
   
   ```
   $ openssl genrsa -out rsa.pem
   Generating RSA private key, 2048 bit long modulus
   ...
   
   $ openssl rsa -in rsa.pem -noout -modulus | cut -d= -f2 | python -c 'import sys; print(int(sys.stdin.read(), 16))'
   25623882427526707322866322256240741413699766555508113361975182446922418415089438936415989175296088974016615587740736574241342957393002320762010474925830839106425586207448011995748812345401230782267753189386103568502885279593734636842405461656752755702912746172339027034096681889413854955725588164346940842786630738833311668086338812048993406627875818948914819316678433784472883107947150827418112730771165726422295838065290136656204305183681062358941954544617538033203389194497917362344779507907933457930952778285948136508570166989856730778407368193764241294623598058775696847518736534397297112966951721385759730339389
   
   $ openssl rsa -in rsa.pem -text
   ...
   
   $ echo '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' | python -c 'import sys; print(int(sys.stdin.read(), 16))'
   3528234661733082180776442193574872980411472807679710926323512617315835387304379159287393172068784150960921907682262032835709276401337457353195637971385591224749141552649814002008594879303305103669441762378811947482643953233346985105602436577666613782490572065538358178672939825900951021872647627982159607020517494035808696000711764612928507262119202126863967982149512266656979649854828368946729091888471713686050609236660803230783779358341620231090291260341354329267023477206244292304622212026424326791744469389564408227691436807395676615403132438757121377972296526283759417146522152664932814217676090967196165750785
   ```
   
   # Testing
   
   - ran unit tests with [ACCP 2.0](https://github.com/corretto/amazon-corretto-crypto-provider/) installed at highest priority -- failed before the change and passed after.
   - this repo's CI checks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@santuario.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [santuario-xml-security-java] coheigea commented on pull request #125: Increase TestUtils RSA key size to 2048-bit

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea commented on PR #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125#issuecomment-1432842304

   @seanjmullan OK with you?




[GitHub] [santuario-xml-security-java] seanjmullan commented on a diff in pull request #125: Increase TestUtils RSA key size to 2048-bit

Posted by "seanjmullan (via GitHub)" <gi...@apache.org>.
seanjmullan commented on code in PR #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125#discussion_r1108466214


##########
src/test/java/javax/xml/crypto/test/dsig/TestUtils.java:
##########
@@ -107,10 +107,10 @@ public class TestUtils {
     private static final String DSA_2048_X =
         "14562787764977288900757387442281559936279834964901963465277698843172";
     private static final String RSA_MOD =
-        "010800185049102889923150759252557522305032794699952150943573164381936603255999071981574575044810461362008102247767482738822150129277490998033971789476107463";
+        "25623882427526707322866322256240741413699766555508113361975182446922418415089438936415989175296088974016615587740736574241342957393002320762010474925830839106425586207448011995748812345401230782267753189386103568502885279593734636842405461656752755702912746172339027034096681889413854955725588164346940842786630738833311668086338812048993406627875818948914819316678433784472883107947150827418112730771165726422295838065290136656204305183681062358941954544617538033203389194497917362344779507907933457930952778285948136508570166989856730778407368193764241294623598058775696847518736534397297112966951721385759730339389";
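
Review bot: The new `RSA_MOD` literal on the `+` line has no comment saying what it is or how it was produced, and nothing visible in this hunk replaces the private-key constant that has to pair with it. Suggest a short comment above `RSA_MOD` stating that it is a test-only modulus generated with `openssl genrsa` (values taken from `rsa.pem` are posted in the PR description, so this key must never be reused outside tests), confirming that the matching private value is updated in the same commit so the pair stays consistent, and splitting the literal across concatenated strings so later diffs to it are reviewable.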

Review Comment:
   I'm ok with changing this to 2048. However, you also need to update all the calls to `TestUtils.getPublicKey("RSA", 512)` to `TestUtils.getPublicKey("RSA", 2048)` (and `getPrivateKey("RSA", 512)`). There are a few instances in `TestUtils` and a couple in `XMLSignatureTest`.
   
   You also need to change line 159 to:
   
   `            if (keysize == 2048) {`




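A pre-merge check for the two things this thread turns on, the size of the decimal `RSA_MOD` constant and the size passed to `getPublicKey("RSA", ...)` / `getPrivateKey("RSA", ...)`. This is an added example, not code from the pull request or the Santuario project; the 2048-bit floor, the function name `audit_rsa_test_keys` and the sample Java fragment are assumptions made for illustration.

```python
import re

# Assumed floor: the page says some JCA providers enforce a minimum RSA key
# size but does not state the value; 2048 matches the size the PR moves to.
MIN_RSA_BITS = 2048

# Decimal modulus constants, e.g.  String RSA_MOD = "0108...";
CONST_RE = re.compile(r'String\s+(RSA_MOD\w*)\s*=\s*"(\d+)"\s*;')
# Call sites, e.g.  getPublicKey("RSA", 512) / getPrivateKey("RSA", 512)
CALL_RE = re.compile(r'\b(get(?:Public|Private)Key)\(\s*"RSA"\s*,\s*(\d+)\s*\)')


def audit_rsa_test_keys(java_source, min_bits=MIN_RSA_BITS):
    """Return sorted (line, kind, name, bits) tuples for RSA sizes below min_bits."""
    def line_of(pos):
        return java_source.count("\n", 0, pos) + 1

    findings = []
    for m in CONST_RE.finditer(java_source):
        # int() drops leading zeros, so bit_length() is the real modulus size.
        bits = int(m.group(2)).bit_length()
        if bits < min_bits:
            findings.append((line_of(m.start()), "modulus", m.group(1), bits))
    for m in CALL_RE.finditer(java_source):
        bits = int(m.group(2))
        if bits < min_bits:
            findings.append((line_of(m.start()), "call", m.group(1), bits))
    return sorted(findings)


# Constructed Java fragment: the modulus is the value removed by the PR's diff,
# the calls follow the getPublicKey("RSA", 512) form quoted in the review.
SAMPLE_JAVA = '''\
public class TestUtils {
    private static final String RSA_MOD =
        "010800185049102889923150759252557522305032794699952150943573164381936603255999071981574575044810461362008102247767482738822150129277490998033971789476107463";
    static void demo() throws Exception {
        TestUtils.getPublicKey("RSA", 512);
        TestUtils.getPrivateKey("RSA", 2048);
    }
}
'''

if __name__ == "__main__":
    for line, kind, name, bits in audit_rsa_test_keys(SAMPLE_JAVA):
        print(f"line {line}: {kind} {name} is {bits} bits, below {MIN_RSA_BITS}")
```

Run against the real `TestUtils.java` and `XMLSignatureTest.java`, an empty result means no undersized RSA modulus constant or call site of these two forms remains.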

[GitHub] [santuario-xml-security-java] coheigea merged pull request #125: Increase TestUtils RSA key size to 2048-bit

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea merged PR #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125




[GitHub] [santuario-xml-security-java] seanjmullan commented on pull request #125: Increase TestUtils RSA key size to 2048-bit

Posted by "seanjmullan (via GitHub)" <gi...@apache.org>.
seanjmullan commented on PR #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125#issuecomment-1433073286

   > @seanjmullan OK with you?
   
   Not yet, I have some comments.




[GitHub] [santuario-xml-security-java] WillChilds-Klein commented on a diff in pull request #125: Increase TestUtils RSA key size to 2048-bit

Posted by "WillChilds-Klein (via GitHub)" <gi...@apache.org>.
WillChilds-Klein commented on code in PR #125:
URL: https://github.com/apache/santuario-xml-security-java/pull/125#discussion_r1108730288


##########
src/test/java/javax/xml/crypto/test/dsig/TestUtils.java:
##########
@@ -107,10 +107,10 @@ public class TestUtils {
     private static final String DSA_2048_X =
         "14562787764977288900757387442281559936279834964901963465277698843172";
     private static final String RSA_MOD =
-        "010800185049102889923150759252557522305032794699952150943573164381936603255999071981574575044810461362008102247767482738822150129277490998033971789476107463";
+        "25623882427526707322866322256240741413699766555508113361975182446922418415089438936415989175296088974016615587740736574241342957393002320762010474925830839106425586207448011995748812345401230782267753189386103568502885279593734636842405461656752755702912746172339027034096681889413854955725588164346940842786630738833311668086338812048993406627875818948914819316678433784472883107947150827418112730771165726422295838065290136656204305183681062358941954544617538033203389194497917362344779507907933457930952778285948136508570166989856730778407368193764241294623598058775696847518736534397297112966951721385759730339389";

Review Comment:
   ah, right. will do.


