[jboss-jira] [JBoss JIRA] (JGRP-2274) ASYM_ENCRYPT: deprecate sign_msgs
Chris Dolphy (Jira)
issues at jboss.org
Tue Jul 21 12:56:00 EDT 2020
[ https://issues.redhat.com/browse/JGRP-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14274175#comment-14274175 ]
Chris Dolphy commented on JGRP-2274:
------------------------------------
Unlikely a newer JDK would have any effect since GCM support was added in Java 8.
I think Nick is right that the code needs to create a GCMParameterSpec object instead of a IvParameterSpec and distribute it to clients using same mechanism. There's only one new parameter in GCMParameterSpec which is a size of the authentication tag to use (either 128, 120, 112, 104, 96, plus maybe 64 and 32). The authentication tag is just the size of the MAC / hash.
> ASYM_ENCRYPT: deprecate sign_msgs
> ---------------------------------
>
> Key: JGRP-2274
> URL: https://issues.redhat.com/browse/JGRP-2274
> Project: JGroups
> Issue Type: Enhancement
> Reporter: Bela Ban
> Assignee: Bela Ban
> Priority: Major
> Fix For: 4.0.12
>
>
> In {{ASYM_ENCRYPT}}, signing messages means that the checksum of an encrypted message is computed and used together with the secret key of the sender to sign the message. On the receiver side, the public key of the sender is used to validate the signature.
> However, this is redundant, as decryption of a message will fail if the contents have been changed.
> If needed, signing of messages can be done in a separate protocol.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list