Lee Fine committed Nov 5, 2024
1 parent ff1362a commit b84da4c
Showing 2 changed files with 14 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
v2.9.1
- Big Fix: Use AES encryption when creating Pkcs12 files

v2.9.0
- Modify Discovery on Linux servers to filter out ignored folders when searching using the Find command rather than eliminating them after. This was done to eliminate permissions errors.
- Deprecated isRSAPrivateKey custom property on RFPEM certificate store type. Integration now reads the existing private key to determin if it is formatted as PKCS#1 or PKCS#8 and, on renewal, keeps the format the same. For new PEM certificate stores/certificates, PKCS#8 will always be used. PLEASE NOTE, for existing certificate stores that already have isRSAPrivateKey defined, this setting will be ignored.
Expand Up @@ -12,10 +12,13 @@
using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;

using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Asn1.Pkcs;

using Keyfactor.Logging;
using Microsoft.Extensions.Logging;
using System.Linq;
using Keyfactor.PKI.Extensions;
using Org.BouncyCastle.Asn1.Nist;

namespace Keyfactor.Extensions.Orchestrator.RemoteFile.PKCS12
{
Expand Down Expand Up @@ -53,6 +56,10 @@ public Pkcs12Store DeserializeRemoteCertificateStore(byte[] storeContents, strin
public List<SerializedStoreInfo> SerializeRemoteCertificateStore(Pkcs12Store certificateStore, string storePath, string storeFileName, string storePassword, IRemoteHandler remoteHandler)
{
Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);
storeBuilder.SetKeyAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
storeBuilder.SetUseDerEncoding(true);

Pkcs12Store workingStore = storeBuilder.Build();

foreach (string alias in certificateStore.Aliases)
Expand Down Expand Up @@ -88,6 +95,10 @@ public string GetPrivateKeyPath()
private Pkcs12Store ConvertAliases(Pkcs12Store workingStore, bool useThumbprintAsAlias)
{
Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder();
storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);
storeBuilder.SetKeyAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);
storeBuilder.SetUseDerEncoding(true);

Pkcs12Store returnStore = storeBuilder.Build();

if (HasEmptyAliases)
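Review bot: The certificate bags are still protected with the legacy PBE-SHA1-3DES scheme on `storeBuilder.SetCertAlgorithm(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc);` while only the key bags move to AES-256-CBC with PBKDF2-HMAC-SHA256, so the PKCS#12 written by SerializeRemoteCertificateStore is mixed rather than all-AES as the changelog entry in this commit describes. If the intent is to remove the 3DES/SHA-1 dependency entirely (for consumers running in FIPS mode or on OpenSSL 3 without the legacy provider), the cert algorithm should be configured the same way, `storeBuilder.SetCertAlgorithm(NistObjectIdentifiers.IdAes256Cbc, PkcsObjectIdentifiers.IdHmacWithSha256);`, assuming the BouncyCastle version in use exposes the two-argument overload for SetCertAlgorithm as it does for SetKeyAlgorithm. The same three builder lines are repeated verbatim in ConvertAliases in the following hunk; a small private helper that returns the configured Pkcs12StoreBuilder would keep the two call sites from drifting apart and give one place to document the chosen algorithms. Both enclosing methods continue outside their hunks, so whether a later step re-encrypts the store with different parameters cannot be checked from here.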