Currently public keys cannot be generated on FIPS-compliant systems because these systems do not permit use of the MD5 algorithm:
```r
> k <- openssl::rsa_keygen(2048)
> pub <- k$pubkey
Error: OpenSSL error in EVP_DigestInit_ex: disabled for fips
```
Given the existing API there's no easy way to pass through the hash function you want, so this commit does the easiest thing and just changes the fingerprint to use SHA-256, which will work on FIPS-compliant systems.
Worth mentioning is that recent versions of OpenSSL's command-line tools have also switched to SHA-256 by default, so this is not an unreasonable move.
Related unit tests have also been updated.
Side note: this originally surfaced in rstudio/rsconnect#452.
@jeroen indicated to me privately that he was uncomfortable making a breaking change of this kind, so I have opened #95 with a different approach instead.
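The failure mode discussed above, as an added Python example that is not code from this pull request or from the openssl R package: it probes whether the crypto backend permits a digest before fingerprinting a key blob, and falls back to SHA-256 when MD5 is refused. The function names, the OpenSSH-style output formats and the toy key blob are assumptions made for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """Positive integer as an SSH mpint (leading zero byte if the high bit is set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def digest_available(name: str) -> bool:
    """True if the backend permits this digest (MD5 is refused in FIPS mode)."""
    try:
        hashlib.new(name, b"probe")
        return True
    except ValueError:
        return False


def fingerprint(blob: bytes, algo: str = "sha256") -> str:
    """Fingerprint a key blob in the style `ssh-keygen -l -E <algo>` prints."""
    raw = hashlib.new(algo, blob).digest()  # ValueError if the backend refuses algo
    if algo == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in raw)
    return algo.upper() + ":" + base64.b64encode(raw).decode().rstrip("=")


def safe_fingerprint(blob: bytes, preferred: str = "md5") -> str:
    """Use the preferred digest when permitted, otherwise fall back to SHA-256."""
    algo = preferred if digest_available(preferred) else "sha256"
    return fingerprint(blob, algo)


# Constructed sample: a toy "ssh-rsa" blob (e = 65537, tiny n), not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(0xC0FFEE0123456789)

if __name__ == "__main__":
    print("md5 permitted:", digest_available("md5"))
    print(fingerprint(SAMPLE_BLOB))
    print(safe_fingerprint(SAMPLE_BLOB))
```

Callers that store or compare fingerprints should keep the algorithm prefix, since an MD5 and a SHA-256 fingerprint of the same key never match.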