lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adnan Yaqoob <itsad...@gmail.com>
Subject Re: Error: Strong key gen and multiprime gen require at least 1024-bit keysize
Date Mon, 31 Oct 2016 15:22:23 GMT
Definitely a valid JIRA. It may choose 512 default but shouldn't be hard
coded. There must be a way to pass on required lenght

Adnan

On Wed, Oct 5, 2016 at 9:02 PM, Erick Erickson <erickerickson@gmail.com>
wrote:

> Sure seems like a  JIRA to me. I have no clue why 512 was chosen in
> the first place though.
>
> Or you could post the same question on dev list first.
>
> But this is an appropriate JIRA I think.
>
> Erick
>
> On Wed, Oct 5, 2016 at 10:43 AM, Martini, Jeremy (CGI Federal)
> <Jeremy.Martini@cgifederal.com> wrote:
> > Hi,
> >
> >
> >
> > I'm looking at filing an issue in JIRA, but wanted to first make sure my
> > issue would be a valid change.
> >
> >
> >
> > In order to configure our dataSource without requiring a plaintext
> password
> > in the configuration file, we extended JdbcDataSource to create our own
> > custom implementation. Our dataSource config now looks something like
> this:
> >
> >
> >
> > <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.
> OracleDriver"
> > url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> > password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> >
> >
> >
> > We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting
> the
> > password. However, this seems to cause an issue when we try use Solr in a
> > Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> > multiprime gen require at least 1024-bit keysize." Full log attached.
> >
> >
> >
> > This seems to be due to the hard-coded value of 512 in the
> > org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> >
> >
> >
> >     public RSAKeyPair() {
> >
> >       KeyPairGenerator keyGen = null;
> >
> >       try {
> >
> >         keyGen = KeyPairGenerator.getInstance("RSA");
> >
> >       } catch (NoSuchAlgorithmException e) {
> >
> >         throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,
> e);
> >
> >       }
> >
> >       keyGen.initialize(512);
> >
> >
> >
> > I pulled down the Solr code, changed the hard-coded value to 1024,
> rebuilt
> > it, and this now everything seems to work great.
> >
> >
> >
> > Would this be a valid code change to request? I'm happy to create the
> JIRA
> > ticket and supply a patch file.
> >
> >
> >
> > Thanks,
> >
> > Jeremy
>



-- 
Regards,
*Adnan Yaqoob*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message