| commit | cec551aeac0cbcf1afc430a463b91d7fea61b879 | [log] [tgz] |
|---|---|---|
| author | Vasyl Gello <vasek.gello@gmail.com> | Fri Oct 26 22:26:35 2018 +0300 |
| committer | LuK1337 <priv.luk@gmail.com> | Fri Jul 14 09:57:33 2023 +0200 |
| tree | dff9966844125a11a36f444256c29e11f1c449d2 | |
| parent | e0caa3b4afaf540dd6d2943dcf59528bdf7f4145 [diff] |
make-key: Enforce PBEv1 password-protected signing keys The bug https://bugs.openjdk.java.net/browse/JDK-8076999 prevents the usage of PBESv2 key encryption schemes enforced by recent OpenSSL versions. So we enforce the PBE-SHA1-3DES scheme as recommended in https://pthree.org/2013/05/27/strengthen-your-private-encrypted-ssh-keys/ Change-Id: I43239d4da1512d08563847db57af74146f8f66ea Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
diff --git a/tools/make_key b/tools/make_key index a6cf49c..9eb3c98 100755 --- a/tools/make_key +++ b/tools/make_key
@@ -69,7 +69,7 @@ else echo "creating ${1}.pk8 with password [${password}]" export password - openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ + openssl pkcs8 -in ${one} -topk8 -v1 PBE-SHA1-3DES -outform DER -out $1.pk8 \ -passout env:password unset password fi