lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erick Erickson <erickerick...@gmail.com>
Subject Re: Error: Strong key gen and multiprime gen require at least 1024-bit keysize
Date Mon, 31 Oct 2016 17:06:22 GMT
See: https://issues.apache.org/jira/browse/SOLR-9609

Not quite sure when I'll get to it though...

Erick

On Mon, Oct 31, 2016 at 8:22 AM, Adnan Yaqoob <itsadnan@gmail.com> wrote:
> Definitely a valid JIRA. It may choose 512 default but shouldn't be hard
> coded. There must be a way to pass on required lenght
>
> Adnan
>
> On Wed, Oct 5, 2016 at 9:02 PM, Erick Erickson <erickerickson@gmail.com>
> wrote:
>
>> Sure seems like a  JIRA to me. I have no clue why 512 was chosen in
>> the first place though.
>>
>> Or you could post the same question on dev list first.
>>
>> But this is an appropriate JIRA I think.
>>
>> Erick
>>
>> On Wed, Oct 5, 2016 at 10:43 AM, Martini, Jeremy (CGI Federal)
>> <Jeremy.Martini@cgifederal.com> wrote:
>> > Hi,
>> >
>> >
>> >
>> > I'm looking at filing an issue in JIRA, but wanted to first make sure my
>> > issue would be a valid change.
>> >
>> >
>> >
>> > In order to configure our dataSource without requiring a plaintext
>> password
>> > in the configuration file, we extended JdbcDataSource to create our own
>> > custom implementation. Our dataSource config now looks something like
>> this:
>> >
>> >
>> >
>> > <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.
>> OracleDriver"
>> > url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
>> > password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
>> >
>> >
>> >
>> > We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting
>> the
>> > password. However, this seems to cause an issue when we try use Solr in a
>> > Cloud Configuration (using Zookeeper). The error is "Strong key gen and
>> > multiprime gen require at least 1024-bit keysize." Full log attached.
>> >
>> >
>> >
>> > This seems to be due to the hard-coded value of 512 in the
>> > org.apache.solr.util.CryptoKeys$RSAKeyPair class:
>> >
>> >
>> >
>> >     public RSAKeyPair() {
>> >
>> >       KeyPairGenerator keyGen = null;
>> >
>> >       try {
>> >
>> >         keyGen = KeyPairGenerator.getInstance("RSA");
>> >
>> >       } catch (NoSuchAlgorithmException e) {
>> >
>> >         throw new SolrException(SolrException.ErrorCode.SERVER_ERROR,
>> e);
>> >
>> >       }
>> >
>> >       keyGen.initialize(512);
>> >
>> >
>> >
>> > I pulled down the Solr code, changed the hard-coded value to 1024,
>> rebuilt
>> > it, and this now everything seems to work great.
>> >
>> >
>> >
>> > Would this be a valid code change to request? I'm happy to create the
>> JIRA
>> > ticket and supply a patch file.
>> >
>> >
>> >
>> > Thanks,
>> >
>> > Jeremy
>>
>
>
>
> --
> Regards,
> *Adnan Yaqoob*

Mime
View raw message