Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SetDefaultDigestAlgorithm #29

Merged
merged 2 commits into from
Feb 14, 2025
Merged

Add SetDefaultDigestAlgorithm #29

merged 2 commits into from
Feb 14, 2025

Conversation

hslatman
Copy link
Member

No description provided.

@hslatman hslatman linked an issue Sep 10, 2024 that may be closed by this pull request
Use of deprecated sha1 #27
Open
Base automatically changed from herman/support-windows-scep-request-certificates to main September 11, 2024 09:15
@stv0g stv0g mentioned this pull request Sep 17, 2024
Open
@stv0g
Copy link

stv0g commented Sep 17, 2024

I dont think its a good way to configure the digest alg like this.

We should redesign the API, release a v2 of the package which passes the algorithm directly in the digest / encrypt operations.

@hslatman
Copy link
Member Author

hslatman commented Sep 17, 2024
edited
Loading

@stv0g I don't disagree with you 😛

The goal of this change is to keep the current logic intact, while having a backwards compatible change to support a better hashing algorithm if implementers choose to do so. It's fairly similar to existing knobs exposed in the package. We don't intend this to be the new API.

@pkpfr
Copy link

pkpfr commented Sep 26, 2024

+1 for this. I have a requirement to use AES256. Apple are no longer supporting SHA1 on some of their non-public verification APIs and we cannot implement their specification without this.

@jessepeterson jessepeterson mentioned this pull request Sep 26, 2024
Open
@faisal-memon
Copy link

There is already a SetDigestAlgorithm() function to change the digest to use. Is that not working?

@hslatman
Copy link
Member Author

hslatman commented Sep 30, 2024
edited
Loading

There is already a SetDigestAlgorithm() function to change the digest to use. Is that not working?

It works, but that has to be called on every new instance of SignedData. It can happen that the SignedData isn't easily accessible, making it harder to change on a per-use basis. The new function allows to override the package default for an entire application, which makes things a bit simpler to implement and reason about.

@hslatman hslatman mentioned this pull request Feb 12, 2025
Open
@hslatman hslatman force-pushed the herman/support-setting-global-default-digest-algorithm branch from 5ee55ff to 9b402c9 Compare February 12, 2025 22:21
@hslatman hslatman force-pushed the herman/support-setting-global-default-digest-algorithm branch from 0fd42b5 to 7003208 Compare February 12, 2025 23:38
@hslatman hslatman marked this pull request as ready for review February 12, 2025 23:42
@hslatman hslatman requested review from a team, maraino and azazeal February 12, 2025 23:42
@hslatman hslatman removed a link to an issue Feb 12, 2025
Use of deprecated sha1 #27
Open
@hslatman hslatman merged commit 8461335 into main Feb 14, 2025
13 checks passed
@hslatman hslatman deleted the herman/support-setting-global-default-digest-algorithm branch February 14, 2025 11:46
@hslatman hslatman mentioned this pull request Feb 14, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@azazeal azazeal azazeal approved these changes

@maraino maraino Awaiting requested review from maraino

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hslatman @stv0g @pkpfr @faisal-memon @azazeal