-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve DSA and RSA key generation bit size. #1600
Improve DSA and RSA key generation bit size. #1600
Conversation
This pull request changes some projects for the first time in this development cycle.
An additional commit containing all the necessary changes was pushed to the top of this PR's branch. To obtain these changes (for example if you want to push more changes) either fetch from your fork or apply the git patch. Git patch
Further information are available in Common Build Issues - Missing version increments. |
d905cd2
to
3d576c8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for creating this follow-up.
Can you please first make sure that you don't revert changes made before, i.e. your commit Reverted merge changes
is removed. If you have trouble compiling, you probably have to update your target-platform. You can do that for example by re-running your Oomph setup in your workspace.
After that, please squash all your changes into one commit with a meaningful message, In the commit message body you ideally also reference the issue fixed with this. E.g. using
Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464
.
If you squash your change please don't include the change the eclipse-platform-bot has pushed to this branch. This should stay separated.
If you subsequently apply changes from the review, please just amend your commit and force-push to the branch.
3d576c8
to
1b38c15
Compare
Thank you for the feedback. I was able to remove the
As someone who is still learning about Git, this comment was very helpful. Let me know if there are any more changes needed to be made. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After that, please squash all your changes into one commit with a meaningful message, In the commit message body you ideally also reference the issue fixed with this. E.g. using Fixes #1464. If you squash your change please don't include the change the eclipse-platform-bot has pushed to this branch. This should stay separated.
As someone who is still learning about Git, this comment was very helpful. Let me know if there are any more changes needed to be made.
You are welcome and thanks for the update:)
But with referencing Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464
I meant to mention it at the end of the commit message body and not only in the headline. The commit headline should still be a descriptive (half) sentence, just like this PR's name/headline. The following body can then contain more details and the mentioned reference.
The overall commit message could be for example (feel free to further adjust this):
[SSH] Increase bit-size of generated RSA and DSA keys
Generate RSA keys with 4096bit and DSA keys with 3072 (the underlying algorithm doesn't support higher values)
Fixes https://github.com/eclipse-platform/eclipse.platform/issues/1464
Regarding the implementation I have a two comments below.
if (__type == KeyPair.RSA) { | ||
kpairComment = _type + "-4096"; //$NON-NLS-1$ | ||
} else { | ||
kpairComment = _type + "-3072"; //$NON-NLS-1$ | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (__type == KeyPair.RSA) { | |
kpairComment = _type + "-4096"; //$NON-NLS-1$ | |
} else { | |
kpairComment = _type + "-3072"; //$NON-NLS-1$ | |
} | |
kpairComment = _type + "-" + keySize; //$NON-NLS-1$ |
if (__type == KeyPair.RSA) { | ||
_kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 4096); | ||
} else { | ||
_kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 3072); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As suggested in #1464 (comment), I think the key-size for RSA and DSA should be specified in a static final int constant at the top of this class:
private static final String SSH2_PREFERENCE_PAGE_CONTEXT="org.eclipse.jsch.ui.ssh2_preference_page_context"; //$NON-NLS-1$
private static final int RSA_KEY_SIZE = 4096;
private static final int DSA_KEY_SIZE = 3072;
Then you can create a variable in this method, before BusyIndicator.showWhile()
that holds the actual keySize used for the specified key type:
int keySize = type == KeyPair.RSA ? RSA_KEY_SIZE : DSA_KEY_SIZE;
final JSchException[] _e=new JSchException[1];
BusyIndicator.showWhile(getShell().getDisplay(), () -> {
and then this if-else-block can stay a one-liner:
if (__type == KeyPair.RSA) { | |
_kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 4096); | |
} else { | |
_kpair[0] = KeyPair.genKeyPair(getJSch(), __type, 3072); | |
} | |
_kpair[0] = KeyPair.genKeyPair(getJSch(), __type, keySize); |
as well as the block below to create the comment.
This implementation allows to generate RSA keys with 4096 bits and DSA keys with 3072 bits. (DSA does not support 4096 bits or higher within the key algorithm) Originally generates 1024 bits for RSA and DSA keys. Fixes eclipse-platform#1464
1b38c15
to
28c0896
Compare
I see there was a misunderstanding between my thought and your intention. Thank you for the clarification; I changed how the format of the commit message should look like.
I really like this implementation of both comments as it looks organized and easier for readability. I readjusted the changes as you have suggested. Thank you for the suggestion. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the adjustments.
Looks good and works well now. Nice work. :)
Generating a DSA or RSA key originally gave a bit size of 1024, which is not the recommended bit size of 2048 nor the stronger bit size of 4096.
This change allows a DSA-3072 key or an RSA-4096 key to be generated.
Note: DSA-4096 is not possible with the current algorithm of the DSA key generator. Therefore, DSA-3072 is implemented instead of DSA-4096.
Original PR from #1596
Fixes #1464