Use HS256 instead of defaulting to HS512 for signing vault.cryptomator

New vaults should be created using HS256 to be compatible with the desktop and iOS apps. Previously, we were defaulting to HS512; now we specify the correct version.
When unlocking, the algorithm specified in the header is used.

Fixes #366
Julian Raufelder 2021-10-20 10:53:04 +02:00
parent 9074ae5aae
commit fdb6341773
No known key found for this signature in database
GPG Key ID: 17EE71F6634E381D


@ -14,6 +14,7 @@ import io.jsonwebtoken.JwsHeader
import io.jsonwebtoken.JwtException
import io.jsonwebtoken.Jwts
import io.jsonwebtoken.MissingClaimException
import io.jsonwebtoken.SignatureAlgorithm
import io.jsonwebtoken.SigningKeyResolverAdapter
import io.jsonwebtoken.security.Keys
import io.jsonwebtoken.security.SignatureException
@ -34,7 +35,7 @@ class VaultConfig private constructor(builder: VaultConfigBuilder) {
.claim(JSON_KEY_VAULTFORMAT, vaultFormat) //
.claim(JSON_KEY_CIPHERCONFIG, cipherCombo.name) //
.claim(JSON_KEY_SHORTENING_THRESHOLD, shorteningThreshold) //
.signWith(Keys.hmacShaKeyFor(rawKey)) //
.signWith(Keys.hmacShaKeyFor(rawKey), SignatureAlgorithm.HS256) //
.compact()
}
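Review bot: The new `.signWith(Keys.hmacShaKeyFor(rawKey), SignatureAlgorithm.HS256)` line pins the algorithm, but nothing at the call site records why. If a later cleanup drops the second argument, jjwt would again pick the HMAC variant from the key length, which is presumably how HS512 was chosen before. I would add a comment above the call, such as `// Pin HS256 for compatibility with desktop and iOS; without it jjwt derives the algorithm from the key length`, and a unit test asserting that the header `alg` of a newly created token is HS256. The commit message says unlock uses the algorithm named in the header; that verification code is not in this hunk, so it is worth confirming that it accepts only the HMAC algorithms the vault format allows. The enclosing function starts above the hunk.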