saandrews commented on issue #839: Specify rsa transform, aes & tag length URL: https://github.com/apache/incubator-pulsar/pull/839#issuecomment-338003748 I see your point. But, if we do not enforce, a producer produced using 256 bit AES key and if consumer host does not have the unlimited policy files installed, it will fail to decrypt. This is true for RSA/ECDSA keys as well. I'm considering the following change to address this: int aesKeyLength = javax.crypto.Cipher.getMaxAllowedKeyLength("AES"); if (aesKeyLength <= 128) { log.warn( "{} JCE Cryptographic strength is limited to {}. Consider installing JCE Unlimited Strength Jurisdiction Policy Files.", logCtx, aesKeyLength); keyGenerator.init(aesKeyLength, secureRandom); } else { keyGenerator.init(256, secureRandom); }
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
