[jira] [Commented] (SOLR-9609) Change hard-coded keysize from 512 to 1024

Wed, 16 Nov 2016 15:13:26 -0800 

    [ 
https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672014#comment-15672014
 ] 

Erick Erickson commented on SOLR-9609:
--------------------------------------

Messed up JIRA number, here are the commits, typed 9606 instead of 9609:

Commit e402a304bf97ead8c2a7f00a745e837fe0c6d449 in lucene-solr's branch 
refs/heads/master from Erick Erickson
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=e402a30 ]

SOLR-9606: Change hard-coded keysize from 512 to 1024


Commit 8bd4ad36c5297cfd2c39be807a7f099cda4ec13e in lucene-solr's branch 
refs/heads/branch_6x from Erick Erickson
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=8bd4ad3 ]

SOLR-9606: Change hard-coded keysize from 512 to 1024
(cherry picked from commit e402a30)



> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
>                 Key: SOLR-9609
>                 URL: https://issues.apache.org/jira/browse/SOLR-9609
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Jeremy Martini
>            Assignee: Erick Erickson
>         Attachments: SOLR-9609.patch, SOLR-9609.patch, SOLR-9609.patch, 
> SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password 
> in the configuration file, we extended JdbcDataSource to create our own 
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" 
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser" 
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the 
> password. However, this seems to cause an issue when we try use Solr in a 
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and 
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the 
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
>   KeyPairGenerator keyGen = null;
>   try {
>     keyGen = KeyPairGenerator.getInstance("RSA");
>   } catch (NoSuchAlgorithmException e) {
>     throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>   }
>   keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt 
> it, and now everything seems to work great.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to