Merge "encrypt: use pkeyutl"
This commit is contained in:
commit
73a1cc0268
@ -79,9 +79,14 @@ def encrypt_with_openssl(pubkey_path, plaintext, logger=None):
|
|||||||
'Input plaintext length: {} bytes'.format(len(plaintext)))
|
'Input plaintext length: {} bytes'.format(len(plaintext)))
|
||||||
logger.info('Number of chunks: {}'.format(chunks))
|
logger.info('Number of chunks: {}'.format(chunks))
|
||||||
|
|
||||||
cmd = ['openssl', 'rsautl', '-encrypt',
|
# NOTE(ianw) 2023-03-29 : previously this used the deprecated
|
||||||
'-oaep', '-pubin', '-inkey',
|
# rsautl tool, which hardcoded sha1 as the oaep hash; so zuul
|
||||||
pubkey_path]
|
# assumes that on decryption. Be careful modifying it.
|
||||||
|
cmd = ['openssl', 'pkeyutl', '-encrypt', '-pubin',
|
||||||
|
'-inkey', pubkey_path,
|
||||||
|
'-pkeyopt', 'rsa_padding_mode:oaep',
|
||||||
|
'-pkeyopt', 'rsa_oaep_md:sha1']
|
||||||
|
|
||||||
if logger:
|
if logger:
|
||||||
logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd))
|
logger.debug('Invoking "%s" with each data chunk:' % ' '.join(cmd))
|
||||||
for count in range(chunks):
|
for count in range(chunks):
|
||||||
|
Loading…
Reference in New Issue
Block a user