Mirror
/
acmed
mirror of https://github.com/breard-r/acmed.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove the signature algorithm from the key hash 

The key hash is responsible for the initiation of a key rollover on
endpoints. Therefore, it should differ only when such an action is
required, which is only if the key pair has changed. For this, hashing
the public key is sufficient. Adding the signature algorithm will
generate unnecessary key rollovers.
pull/39/head
Rodolphe Breard 4 years ago
parent
f44d95e7b1
commit
35fc59f761
1 changed files with 1 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      acmed/src/account.rs

4
acmed/src/account.rs
View File

@ -282,8 +282,6 @@ fn hash_contacts(contacts: &[contact::AccountContact]) -> Vec<u8> {
} }
fn hash_key(key: &AccountKey) -> Result<Vec<u8>, Error> { fn hash_key(key: &AccountKey) -> Result<Vec<u8>, Error> {
let mut msg = key.signature_algorithm.to_string().into_bytes();
let pem = key.key.public_key_to_pem()?; let pem = key.key.public_key_to_pem()?;
msg.extend_from_slice(&pem);
Ok(HashFunction::Sha256.hash(&msg))
Ok(HashFunction::Sha256.hash(&pem))
} }
Write Preview
Loading…
Cancel
Save