saandrews commented on issue #839: Specify rsa transform, aes & tag length
URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338003748
 
 
   I see your point. But, if we do not enforce, a producer produced using 256 
bit AES key and if consumer host does not have the unlimited policy files 
installed, it will fail to decrypt. This is true for RSA/ECDSA keys as well. 
I'm considering the following change to address this:
   ```
               int aesKeyLength = 
javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
               if (aesKeyLength <= 128) {
                   log.warn(
                           "{} JCE Cryptographic strength is limited to {}. 
Consider installing JCE Unlimited Strength Jurisdiction Policy Files.",
                           logCtx, aesKeyLength);
                   keyGenerator.init(aesKeyLength, secureRandom);
               } else {
                   keyGenerator.init(256, secureRandom);
               }
   
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to