Improve DSA and RSA key generation bit size. #1600
Conversation
|
This pull request changes some projects for the first time in this development cycle. An additional commit containing all the necessary changes was pushed to the top of this PR's branch. To obtain these changes (for example if you want to push more changes) either fetch from your fork or apply the git patch. Git patchFurther information are available in Common Build Issues - Missing version increments. |
HannesWell
force-pushed
the
team-alex-shawn-chelsy
branch
from
d905cd2
to
3d576c8
Compare
There was a problem hiding this comment.
Thank you for creating this follow-up.
Can you please first make sure that you don't revert changes made before, i.e. your commit Reverted merge changes is removed. If you have trouble compiling, you probably have to update your target-platform. You can do that for example by re-running your Oomph setup in your workspace.
After that, please squash all your changes into one commit with a meaningful message, In the commit message body you ideally also reference the issue fixed with this. E.g. using
Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464.
If you squash your change please don't include the change the eclipse-platform-bot has pushed to this branch. This should stay separated.
If you subsequently apply changes from the review, please just amend your commit and force-push to the branch.
axmanalad
force-pushed
the
team-alex-shawn-chelsy
branch
from
3d576c8
to
1b38c15
Compare
|
Thank you for the feedback. I was able to remove the
As someone who is still learning about Git, this comment was very helpful. Let me know if there are any more changes needed to be made. |
There was a problem hiding this comment.
After that, please squash all your changes into one commit with a meaningful message, In the commit message body you ideally also reference the issue fixed with this. E.g. using Fixes #1464. If you squash your change please don't include the change the eclipse-platform-bot has pushed to this branch. This should stay separated.
As someone who is still learning about Git, this comment was very helpful. Let me know if there are any more changes needed to be made.
You are welcome and thanks for the update:)
But with referencing Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464 I meant to mention it at the end of the commit message body and not only in the headline. The commit headline should still be a descriptive (half) sentence, just like this PR's name/headline. The following body can then contain more details and the mentioned reference.
The overall commit message could be for example (feel free to further adjust this):
[SSH] Increase bit-size of generated RSA and DSA keys
Generate RSA keys with 4096bit and DSA keys with 3072 (the underlying algorithm doesn't support higher values)
Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464
Regarding the implementation I have a two comments below.
| if (__type == KeyPair.RSA) { | ||
| kpairComment = _type + "-4096"; //$NON-NLS-1$ | ||
| } else { | ||
| kpairComment = _type + "-3072"; //$NON-NLS-1$ | ||
| } |
There was a problem hiding this comment.
| if (__type == KeyPair.RSA) { | |
| kpairComment = _type + "-4096"; //$NON-NLS-1$ | |
| } else { | |
| kpairComment = _type + "-3072"; //$NON-NLS-1$ | |
| } | |
| kpairComment = _type + "-" + keySize; //$NON-NLS-1$ |
| if (__type == KeyPair.RSA) { | ||
| _kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 4096); | ||
| } else { | ||
| _kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 3072); | ||
| } |
There was a problem hiding this comment.
As suggested in #1464 (comment), I think the key-size for RSA and DSA should be specified in a static final int constant at the top of this class:
private static final String SSH2_PREFERENCE_PAGE_CONTEXT="org.eclipse.jsch.ui.ssh2_preference_page_context"; //$NON-NLS-1$
private static final int RSA_KEY_SIZE = 4096;
private static final int DSA_KEY_SIZE = 3072;
Then you can create a variable in this method, before BusyIndicator.showWhile() that holds the actual keySize used for the specified key type:
int keySize = type == KeyPair.RSA ? RSA_KEY_SIZE : DSA_KEY_SIZE;
final JSchException[] _e=new JSchException[1];
BusyIndicator.showWhile(getShell().getDisplay(), () -> {
and then this if-else-block can stay a one-liner:
| if (__type == KeyPair.RSA) { | |
| _kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 4096); | |
| } else { | |
| _kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 3072); | |
| } | |
| _kpair[0] = KeyPair.genKeyPair(getJSch(), __type, keySize); |
as well as the block below to create the comment.
This implementation allows to generate RSA keys with 4096 bits and DSA keys with 3072 bits. (DSA does not support 4096 bits or higher within the key algorithm) Originally generates 1024 bits for RSA and DSA keys. Fixes eclipse-platform#1464
axmanalad
force-pushed
the
team-alex-shawn-chelsy
branch
from
1b38c15
to
28c0896
Compare
I see there was a misunderstanding between my thought and your intention. Thank you for the clarification; I changed how the format of the commit message should look like.
I really like this implementation of both comments as it looks organized and easier for readability. I readjusted the changes as you have suggested. Thank you for the suggestion. |
Generating a DSA or RSA key originally gave a bit size of 1024, which is not the recommended bit size of 2048 nor the stronger bit size of 4096.
This change allows a DSA-3072 key or an RSA-4096 key to be generated.
Note: DSA-4096 is not possible with the current algorithm of the DSA key generator. Therefore, DSA-3072 is implemented instead of DSA-4096.
Original PR from #1596
Fixes #1464