XML Security Tool - Java / XSTJ-39

add SHA-1 to the default verification blacklist

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 2.0.0
    • Component/s: Signature Verification
    • Labels:
      None

      Description

      With the current deprecation and future (2014) disallowing of SHA-1 for digital signatures by NIST recommendations, we should add SHA-1 to the default blacklist.

      This is probably not appropriate for any release that occurs before the start of 2014.

      When we do this, it is probably also worth introducing something to allow people to easily remove SHA-1 from the blacklist without exposing themselves to all other blacklisted algorithms. So, although it would be possible to get the effect like this:

      --clearBlacklist --blacklistDigest MD5
      

      ...that seems counterintuitive and it would be better to introduce something like this instead:

      --whitelistDigest SHA-1
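
The difference between the two option styles, as an added sketch that is not XmlSecTool's code: the option names come from the description above, while left-to-right option processing, the default blacklist contents, the `HYPOTHETICAL-X` entry and the helper names are assumptions. It shows that clearing and rebuilding the blacklist silently drops any entry added to the defaults later, while a targeted whitelist option removes only SHA-1.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Digest algorithm URIs as defined by XML Signature / XML Encryption.
DIGEST_URIS = {
    "http://www.w3.org/2001/04/xmldsig-more#md5": "MD5",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def effective_blacklist(defaults, argv):
    """Apply the options left to right (assumed order) to a copy of the defaults."""
    blacklist = set(defaults)
    args = iter(argv)
    for opt in args:
        if opt == "--clearBlacklist":
            blacklist.clear()
        elif opt == "--blacklistDigest":
            blacklist.add(next(args))
        elif opt == "--whitelistDigest":
            blacklist.discard(next(args))
        else:
            raise ValueError("unknown option: " + opt)
    return blacklist

def rejected_digests(signature_xml, blacklist):
    """Return the blacklisted digest names used by any Reference in the signature."""
    root = ET.fromstring(signature_xml)
    used = {DIGEST_URIS.get(dm.get("Algorithm"), dm.get("Algorithm"))
            for dm in root.iter(DS + "DigestMethod")}
    return sorted(used & blacklist)

# Constructed sample: a SignedInfo with one SHA-1 and one MD5 reference.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI="#a"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></Reference>
<Reference URI="#b"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/></Reference>
</SignedInfo></Signature>"""

TODAY = {"MD5", "SHA-1"}             # assumed default blacklist after this change
LATER = TODAY | {"HYPOTHETICAL-X"}   # assumed later default with one more entry
REBUILD = ["--clearBlacklist", "--blacklistDigest", "MD5"]
TARGETED = ["--whitelistDigest", "SHA-1"]

if __name__ == "__main__":
    for name, defaults in (("today", TODAY), ("later", LATER)):
        print(name, sorted(effective_blacklist(defaults, REBUILD)),
              sorted(effective_blacklist(defaults, TARGETED)))
    print(rejected_digests(SAMPLE, effective_blacklist(TODAY, TARGETED)))
```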
      

            People

            Assignee:
            ian@iay.org.uk Ian Young
            Reporter:
            ian@iay.org.uk Ian Young
                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 1h 39m