[JIRA] (JENKINS-61373) Use maximum strength encryption keys by default


msicker@cloudbees.com (JIRA)

Mar 6, 2020, 11:12:04 AM
to jenkinsc...@googlegroups.com
Matt Sicker created an issue
Jenkins / JENKINS-61373
Use maximum strength encryption keys by default
Issue Type: Improvement
Assignee: Unassigned
Components: core
Created: 2020-03-06 16:11
Priority: Minor
Reporter: Matt Sicker

As of, checks notes, 2009, the US loosened its embargo on the export of cryptographic software significantly. This includes the key size restrictions on AES and RSA.

The following places inside Jenkins should be updated to use AES-256 and RSA-4096 keys along with appropriate migration code for data encrypted with older keys:

  • jenkins.security.DefaultConfidentialStore.masterKey: upgrade to AES-256; should also try using a more standardized key file format like PKCS12 to allow it to be managed externally.
  • jenkins.security.CryptoConfidentialKey.secret: upgrade to AES-256; would also be nice to use the standardized key file format like PKCS12.
  • jenkins.security.RSAConfidentialKey: upgrade priv and pub to RSA-4096.
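As an added illustration (not Jenkins code and not part of the issue), here is what the AES-256 upgrade, a PKCS12 key file and the "migration code for data encrypted with older keys" could look like in plain JCE. The class and method names, the keystore alias, and the choice of AES-GCM are assumptions, not what Jenkins core does today.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Hypothetical sketch: keep a 256-bit key in PKCS12 and re-encrypt legacy ciphertext under it. */
public final class KeyUpgradeSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int GCM_TAG_BITS = 128;
    private static final int IV_BYTES = 12;

    /** Generate an AES-256 key (needs the unlimited crypto policy on old JDKs; default since 8u161). */
    static SecretKey newAes256Key() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    /** Store the key in a PKCS12 keystore (manageable with keytool) instead of a raw byte file. */
    static KeyStore storeInPkcs12(SecretKey key, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                                  // fresh, empty store
        ks.setEntry("jenkins-master-key", new KeyStore.SecretKeyEntry(key),   // alias is assumed
                new KeyStore.PasswordProtection(password));
        return ks;                                            // caller persists it with ks.store(out, password)
    }

    /** AES-GCM with a fresh random IV; output is IV || ciphertext+tag so the IV travels with the data. */
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[IV_BYTES + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_BYTES);
        System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, blob, 0, IV_BYTES));
        return c.doFinal(blob, IV_BYTES, blob.length - IV_BYTES);  // tag failure throws AEADBadTagException
    }

    /** Migration step: decrypt under the legacy (e.g. 128-bit) key, re-encrypt under the new 256-bit key. */
    static byte[] migrate(SecretKey legacyKey, SecretKey newKey, byte[] legacyBlob) throws Exception {
        return encrypt(newKey, decrypt(legacyKey, legacyBlob));
    }
}
```

A real migration would run `migrate` over every stored secret in one pass and only then retire the legacy key file, so that a crash mid-way never leaves data that no remaining key can decrypt.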

dbeck@cloudbees.com (JIRA)

Mar 11, 2020, 2:24:04 AM
to jenkinsc...@googlegroups.com