Browse Source

Remove the signature algorithm from the key hash

The key hash is responsible for the initiation of a key rollover on
endpoints. Therefore, it should differ only when such an action is
required, which is only if the key pair has changed. For this, hashing
the public key is sufficient. Adding the signature algorithm will
generate unnecessary key rollovers.
pull/39/head
Rodolphe Breard 4 years ago
parent
commit
35fc59f761
  1. 4
      acmed/src/account.rs

4
acmed/src/account.rs

@ -282,8 +282,6 @@ fn hash_contacts(contacts: &[contact::AccountContact]) -> Vec<u8> {
}
fn hash_key(key: &AccountKey) -> Result<Vec<u8>, Error> {
let mut msg = key.signature_algorithm.to_string().into_bytes();
let pem = key.key.public_key_to_pem()?;
msg.extend_from_slice(&pem);
Ok(HashFunction::Sha256.hash(&msg))
Ok(HashFunction::Sha256.hash(&pem))
}
Loading…
Cancel
Save