From d4fe1400d20900c6e4e761c13fce61d6fa0ecca1 Mon Sep 17 00:00:00 2001 From: Jakob Borg Date: Tue, 7 Jan 2014 22:04:23 +0100 Subject: [PATCH] Longer RSA key and stronger node ID hash (ref #23) --- tls.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tls.go b/tls.go index e0e5a486..a8a0e12a 100644 --- a/tls.go +++ b/tls.go @@ -3,7 +3,7 @@ package main import ( "crypto/rand" "crypto/rsa" - "crypto/sha1" + "crypto/sha256" "crypto/tls" "crypto/x509" "crypto/x509/pkix" @@ -12,11 +12,12 @@ import ( "math/big" "os" "path" + "strings" "time" ) const ( - tlsRSABits = 2048 + tlsRSABits = 3072 tlsName = "syncthing" ) @@ -25,13 +26,15 @@ func loadCert(dir string) (tls.Certificate, error) { } func certId(bs []byte) string { - hf := sha1.New() + hf := sha256.New() hf.Write(bs) id := hf.Sum(nil) - return base32.StdEncoding.EncodeToString(id) + return strings.Trim(base32.StdEncoding.EncodeToString(id), "=") } func newCertificate(dir string) { + infoln("Generating RSA certificate and key...") + priv, err := rsa.GenerateKey(rand.Reader, tlsRSABits) fatalErr(err) @@ -47,7 +50,7 @@ func newCertificate(dir string) { NotAfter: notAfter, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, BasicConstraintsValid: true, } @@ -58,11 +61,11 @@ func newCertificate(dir string) { fatalErr(err) pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) certOut.Close() - okln("Created TLS certificate file") + okln("Created RSA certificate file") keyOut, err := os.OpenFile(path.Join(dir, "key.pem"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) fatalErr(err) pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) keyOut.Close() - okln("Created TLS key file") + okln("Created RSA key file") }