Make SHA256 the default HashAlgorithm.
As of 2020, attacks against SHA1 need to be considered practical.
It is therefore recommended to move on to a more secure hash algorithm.

Other OpenPGP implementations, such as Sequoia-PGP, have moved on as well.
See e.g. https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
vanitasvitae authored and ctron committed Apr 2, 2024
1 parent 890e443 commit 840f390
Showing 4 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions rpm/src/main/java/org/eclipse/packager/rpm/HashAlgorithm.java
@@ -42,7 +42,7 @@ public String getId() {
* <p>
* This method will return the hash algorithm as specified by the
* parameter "name". If this parameter is {@code null} or an empty
* string, then the default algorithm {@link #SHA1} will be returned. If
* string, then the default algorithm {@link #SHA256} will be returned. If
* algorithm is an invalid name, then an exception is thrown.
* </p>
*
@@ -52,7 +52,7 @@ public String getId() {
*/
public static HashAlgorithm from(final String name) {
if (name == null || name.isEmpty()) {
return SHA1;
return SHA256;
}

return HashAlgorithm.valueOf(name);
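Review bot: Only the fallback changes in `from`: `HashAlgorithm.valueOf(name)` still resolves an explicit `"SHA1"` with no signal to the caller, so a configuration that names the algorithm keeps producing SHA-1 after this commit. If that is meant to stay possible for compatibility, the Javadoc should say so, for example `* {@link #SHA1} remains selectable by name but is no longer recommended.`; marking the constant `@Deprecated` would also surface direct references at compile time. The enum's constants are declared outside this section, so this assumes `SHA1` is still among them.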
@@ -50,7 +50,7 @@ public RsaHeaderSignatureProcessor(final PGPPrivateKey privateKey, final HashAlg
}

public RsaHeaderSignatureProcessor(final PGPPrivateKey privateKey) {
this(privateKey, HashAlgorithmTags.SHA1);
this(privateKey, HashAlgorithmTags.SHA256);
}

@Override
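Review bot: The default digest is now written out as a literal in three separate places — this one-argument constructor, the matching one in `RsaSignatureProcessor`, and `Builder.setSigning(PGPPrivateKey)` — in addition to `HashAlgorithm.from`, so the next migration has four sites to keep in step. A single shared constant referenced from all of them would remove that risk; the parameter type of the two-argument overloads is cut off in the hunk header, so the form that constant should take needs checking against the full files. None of the three convenience entry points carries Javadoc, and since they decide which signature digest a caller gets without asking, each deserves a line such as `/** Signs with SHA-256; use the two-argument overload to choose another digest. */`.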
@@ -53,7 +53,7 @@ public RsaSignatureProcessor(final PGPPrivateKey privateKey, final HashAlgorithm
}

public RsaSignatureProcessor(final PGPPrivateKey privateKey) {
this(privateKey, HashAlgorithmTags.SHA1);
this(privateKey, HashAlgorithmTags.SHA256);
}

@Override
@@ -440,7 +440,7 @@ public Builder setSigning(final Function<OutputStream, OutputStream> signingStre
}

public Builder setSigning(final PGPPrivateKey privateKey) {
return setSigning(privateKey, HashAlgorithmTags.SHA1);
return setSigning(privateKey, HashAlgorithmTags.SHA256);
}

public Builder setSigning(final PGPPrivateKey privateKey, final HashAlgorithm hashAlgorithm) {
