Stop using deprecated x509.EncryptPEMBlock #102
Comments
I'd be happy to fix this; since this is for test code, I'm curious how important it is atm.
I don't have a sense of how important this is.
Yes! Makes sense. I guess we need to chase down what a suitable replacement is.
@k4leung4 A couple questions for this -
On-disk signing keys are not as secure as a remote signer, so I want to make sure this isn't the default. I've also been digging into this a bit recently - EncryptPEMBlock is deprecated because there's a certain attack that's possible with its weak encryption scheme. One option is PKCS#8 encrypted keys, what Ville linked, which are still vulnerable to the same attack but use a stronger PBKDF function that makes brute force harder. The other option is a better encryption algorithm like AES-GCM, but it's harder to generate an encrypted key using available tooling.
This is not used for staging or production, as it is only used when the certificate authority is set to
Sweet, thanks for confirming. I'm looking at dropping support for RFC1423 keys in Fulcio, so I may need to import a third-party library for PKCS#8 key generation in Scaffolding. Any concerns?
The main use case for this at the moment is e2e testing, I think.
@priyawadhwa is this done now with #1310?
I think so -- I replaced it everywhere I could, but couldn't make the change in ctlog createcerts because I don't think the ctlog supports using PKCS#8 keys
Description
As noted in the documentation, https://pkg.go.dev/crypto/x509#EncryptPEMBlock
Deprecated: Legacy PEM encryption as specified in [RFC 1423](https://rfc-editor.org/rfc/rfc1423.html) is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext.
https://github.com/sigstore/scaffolding/blob/main/cmd/fulcio/createcerts/main.go#L172
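A defender-side check that follows from the description, as an added Go example (not code from scaffolding or Fulcio): it classifies a PEM private key as legacy RFC 1423 (the Proc-Type/DEK-Info headers that x509.EncryptPEMBlock emits), PKCS#8 encrypted, or unencrypted, so a test or CI step can flag the deprecated form; the fixture builder, its password and the verdict strings are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

const (
	Unencrypted    = "unencrypted"
	LegacyRFC1423  = "rfc1423-legacy"  // Proc-Type/DEK-Info headers: what EncryptPEMBlock emits
	PKCS8Encrypted = "pkcs8-encrypted" // "ENCRYPTED PRIVATE KEY" block (PBES2 with PBKDF2)
)

// ClassifyPEMKey decodes the first PEM block and reports how the key is protected; RFC 1423 signals encryption through headers, not the block type.
func ClassifyPEMKey(data []byte) (string, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return "", fmt.Errorf("no PEM block found")
	}
	if block.Type == "ENCRYPTED PRIVATE KEY" {
		return PKCS8Encrypted, nil
	}
	if _, ok := block.Headers["DEK-Info"]; ok || block.Headers["Proc-Type"] == "4,ENCRYPTED" {
		return LegacyRFC1423, nil
	}
	return Unencrypted, nil
}

// LegacyKeyPEM is a constructed fixture: a fresh P-256 PKCS#8 key wrapped with the deprecated EncryptPEMBlock (the pattern this issue removes); it only feeds the check, so it panics on error.
func LegacyKeyPEM(password []byte) []byte {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(priv) // cannot fail for a valid P-256 key
	block, err := x509.EncryptPEMBlock(rand.Reader, "PRIVATE KEY", der, password, x509.PEMCipherAES256)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(block)
}

func main() {
	kind, _ := ClassifyPEMKey(LegacyKeyPEM([]byte("constructed-test-password")))
	fmt.Println("legacy RFC 1423 key detected:", kind == LegacyRFC1423) // prints true
}
```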