Jenkins / JENKINS-61373

Use maximum strength encryption keys by default


      Description

      As of, checks notes, 2009, the US loosened its embargo on the export of cryptographic software significantly. This includes the key size restrictions on AES and RSA.

      The following places inside Jenkins should be updated to use AES-256 and RSA-4096 keys along with appropriate migration code for data encrypted with older keys:

      • jenkins.security.DefaultConfidentialStore.masterKey: upgrade to AES-256; should also try using a more standardized key file format like PKCS12 to allow it to be managed externally.
      • jenkins.security.CryptoConfidentialKey.secret: upgrade to AES-256; would also be nice to use a standardized key file format like PKCS12.
      • jenkins.security.RSAConfidentialKey: upgrade priv and pub to RSA-4096.

          Activity

          jvz Matt Sicker created issue
          danielbeck Daniel Beck made changes: Labels (none) -> security

            People

            Assignee: Unassigned
            Reporter: jvz Matt Sicker
            Votes: 2
            Watchers: 4