search

mdkrajnak / chibicm

A simple but not too simple certificate management utility.
MIT License
0 stars 0 forks source link

Message digest type should be an option #9

Open mdkrajnak opened 9 months ago

mdkrajnak commented 9 months ago

Currently everything is hard coded to SHA256:

cert_builder.sign(&key_pair, MessageDigest::sha256())?;

The library supports: MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256, SM3, RIPEMD160

SHAKE is related to FIPS. SM3 is a Chinese standard. MD5 and SHA1 are old and can probably be omitted.

Documentation on the SHAKE digests implies that they might be used differently that the SHA algorithms, proceed with caution.

mdkrajnak commented 9 months ago

Would this be specified in the CSR?