[ https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15637847#comment-15637847 ]
Hrishikesh Gadre commented on SOLR-9609:
----------------------------------------

[~erickerickson] Also I don't think we need to worry about the default constructor problem for the CryptoKeys class. Currently only PKIAuthenticationHandler is using it. Even if someone used the default constructor in future, we can always have them use the other constructor. I feel it is more important to provide a consistent configuration mechanism across various authentication plugins.

> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
>                 Key: SOLR-9609
>                 URL: https://issues.apache.org/jira/browse/SOLR-9609
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>            Reporter: Jeremy Martini
>            Assignee: Erick Erickson
>         Attachments: SOLR-9609.patch, SOLR-9609.patch, SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
>             url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
>             password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try to use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
>   KeyPairGenerator keyGen = null;
>   try {
>     keyGen = KeyPairGenerator.getInstance("RSA");
>   } catch (NoSuchAlgorithmException e) {
>     throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>   }
>   keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and now everything seems to work great.
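
The two-constructor arrangement discussed in this thread, sketched as an added example; it is not part of the original messages and is not Solr's own code. The class name `ConfigurableRsaKeyPair`, the system property `example.rsa.keysize` and the 2048-bit default are assumptions made for illustration; the 1024-bit floor is the one named in the provider error quoted in the issue.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;

// Hypothetical class for illustration; not Solr's CryptoKeys.RSAKeyPair.
public class ConfigurableRsaKeyPair {
    // Floor taken from the provider error quoted in the issue.
    static final int MIN_KEY_SIZE = 1024;
    // Assumed default and property name; neither comes from the issue.
    static final int DEFAULT_KEY_SIZE = 2048;
    static final String KEY_SIZE_PROPERTY = "example.rsa.keysize";

    private final KeyPair keyPair;

    // Default constructor: takes the size from configuration, not a literal.
    public ConfigurableRsaKeyPair() {
        this(Integer.getInteger(KEY_SIZE_PROPERTY, DEFAULT_KEY_SIZE));
    }

    // Explicit-size constructor: fails fast instead of letting a strict provider reject the size.
    public ConfigurableRsaKeyPair(int keySize) {
        if (keySize < MIN_KEY_SIZE) {
            throw new IllegalArgumentException(
                "RSA key size " + keySize + " is below the minimum of " + MIN_KEY_SIZE);
        }
        KeyPairGenerator keyGen;
        try {
            keyGen = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No RSA KeyPairGenerator available", e);
        }
        keyGen.initialize(keySize);
        this.keyPair = keyGen.generateKeyPair();
    }

    // Bit length of the generated modulus, to confirm the configured size took effect.
    public int modulusBits() {
        return ((RSAPublicKey) keyPair.getPublic()).getModulus().bitLength();
    }

    public static void main(String[] args) {
        System.out.println("default:  " + new ConfigurableRsaKeyPair().modulusBits());
        System.out.println("explicit: " + new ConfigurableRsaKeyPair(1024).modulusBits());
        try {
            new ConfigurableRsaKeyPair(512); // the size that was hard-coded
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running it with `-Dexample.rsa.keysize=<bits>` changes what the default constructor generates, so callers of either constructor end up with a size that comes from configuration or an explicit argument.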