Merge pull request #261 from juniorsysadmin/no-sha1-digest
Allow selection of digest, default to SHA256
bastelfreak authored Feb 19, 2018
2 parents 78a3b0a + d9180b7 commit b7b2d2d
Showing 1 changed file with 5 additions and 1 deletion.
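--- a/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
+++ b/lib/hiera/backend/eyaml/encryptors/pkcs7.rb
@@ -24,6 +24,9 @@ class Pkcs7 < Encryptor
 :keysize => { :desc => "Key size used for encryption",
 :type => :integer,
 :default => 2048 },
+:digest => { :desc => "Hash function used for PKCS7",
+:type => :string,
+:default => "SHA256"},
 }
 
 self.tag = "PKCS7"
@@ -71,6 +74,7 @@ def self.create_keys
 private_key = self.option :private_key
 subject = self.option :subject
 keysize = self.option :keysize
+digest = self.option :digest
 
 key = OpenSSL::PKey::RSA.new(keysize)
 EncryptHelper.ensure_key_dir_exists private_key
@@ -98,7 +102,7 @@ def self.create_keys
 cert.add_extension ef.create_extension("authorityKeyIdentifier",
 "keyid:always,issuer:always")
 
-cert.sign key, OpenSSL::Digest::SHA1.new
+cert.sign key, OpenSSL::Digest.new(digest)
 
 EncryptHelper.ensure_key_dir_exists public_key
 EncryptHelper.write_important_file :filename => public_key, :content => cert.to_pem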
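Review bot: In `create_keys`, the new `digest` option reaches `OpenSSL::Digest.new(digest)` unchecked, so a configured `SHA1` or `MD5` silently restores the weak certificate signature this commit moves away from. A misspelled name is also only rejected at `cert.sign`, after `OpenSSL::PKey::RSA.new(keysize)` has already generated the key. I would validate it directly after `digest = self.option :digest`, for example `raise ArgumentError, "unsupported digest: #{digest}" unless %w[SHA256 SHA384 SHA512].include?(digest.to_s.upcase)`, or at least log a warning for legacy algorithms if they must stay selectable. In the hunks shown the value is used only to sign the generated certificate, so the description `"Hash function used for PKCS7"` may overstate its scope; if nothing outside these hunks uses it, `"Hash function used to sign the generated certificate"` would be more accurate. The body of `create_keys` starts and ends outside the visible hunks.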
