Posted to dev@lucene.apache.org by "Jeremy Martini (JIRA)" <ji...@apache.org> on 2016/10/06 13:13:20 UTC

[jira] [Created] (SOLR-9609) Change hard-coded keysize from 512 to 1024

Jeremy Martini created SOLR-9609:
------------------------------------

             Summary: Change hard-coded keysize from 512 to 1024
                 Key: SOLR-9609
                 URL: https://issues.apache.org/jira/browse/SOLR-9609
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Jeremy Martini


In order to configure our dataSource without requiring a plaintext password in the configuration file, we extended JdbcDataSource to create our own custom implementation. Our dataSource config now looks something like this:

{code:xml}
<dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser" password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
{code}

We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the password. However, this seems to cause an issue when we try to use Solr in a Cloud Configuration (using Zookeeper). The error is "Strong key gen and multiprime gen require at least 1024-bit keysize." Full log attached.

This seems to be due to the hard-coded value of 512 in the org.apache.solr.util.CryptoKeys$RSAKeyPair class:

{code:java}
public RSAKeyPair() {
  KeyPairGenerator keyGen = null;
  try {
    keyGen = KeyPairGenerator.getInstance("RSA");
  } catch (NoSuchAlgorithmException e) {
    throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
  }
  keyGen.initialize(512);
{code}

I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt it, and now everything seems to work great.


