siemens / cmp-ra-component

A CMP Registration Authority (RA)
Apache License 2.0

MAC algorithm in PasswordContext config of central key generation is ignored #4

Closed DDvO closed 1 year ago

DDvO commented 1 year ago

Regardless of what is specified in the config file (even an invalid algorithm), some reasonable value is used - I guess, 1.2.840.113549.2.9 (hmacWithSHA256). This may be an issue already at the LightweightCmpRa level.

Akretsch commented 1 year ago

For PasswordBasedEncryption please utilize PRF, not MAC

DDvO commented 1 year ago

Good point. So I'll add to the config README of the LwCmpRa that macAlgorithm is relevant only for password-based message protection.

DDvO commented 1 year ago

Done