lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erick Erickson <erickerick...@gmail.com>
Subject Re: Error: Strong key gen and multiprime gen require at least 1024-bit keysize
Date Thu, 06 Oct 2016 02:02:09 GMT
Sure seems like a  JIRA to me. I have no clue why 512 was chosen in
the first place though.

Or you could post the same question on dev list first.

But this is an appropriate JIRA I think.

Erick

On Wed, Oct 5, 2016 at 10:43 AM, Martini, Jeremy (CGI Federal)
<Jeremy.Martini@cgifederal.com> wrote:
> Hi,
>
>
>
> I'm looking at filing an issue in JIRA, but wanted to first make sure my
> issue would be a valid change.
>
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
>
>
>
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
>
>
>
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
>
>
>
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
>
>
>
>     public RSAKeyPair() {
>
>       KeyPairGenerator keyGen = null;
>
>       try {
>
>         keyGen = KeyPairGenerator.getInstance("RSA");
>
>       } catch (NoSuchAlgorithmException e) {
>
>         throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>
>       }
>
>       keyGen.initialize(512);
>
>
>
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and this now everything seems to work great.
>
>
>
> Would this be a valid code change to request? I'm happy to create the JIRA
> ticket and supply a patch file.
>
>
>
> Thanks,
>
> Jeremy

Mime
View raw message