You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
The "step certificate p12" command creates pcks12 files encrypted with RC2-40-CBC. This is outdated and insecure encryption. There does not appear to be a way to select different encryption.
Modern versions of OpenSSL will not open the file unless the "-legacy" flag is appended. The default encryption there for PKCS12 files appears to be AES-256-CBC with PBKDF2 algorithm.
I don't think this is a "vulnerability" in the step cli per se. The issue is in the files the step cli creates.
Tested on Windows 10 with
Smallstep CLI/0.23.4 (windows/amd64)
Release Date: 2023-0310T00:007:02Z
Why is this needed?
The step cli is a great modern utility, it should create files up-to-date with modern standards.
The text was updated successfully, but these errors were encountered:
Hello!
Issue details
The "step certificate p12" command creates pcks12 files encrypted with RC2-40-CBC. This is outdated and insecure encryption. There does not appear to be a way to select different encryption.
Modern versions of OpenSSL will not open the file unless the "-legacy" flag is appended. The default encryption there for PKCS12 files appears to be AES-256-CBC with PBKDF2 algorithm.
I don't think this is a "vulnerability" in the step cli per se. The issue is in the files the step cli creates.
Tested on Windows 10 with
Smallstep CLI/0.23.4 (windows/amd64)
Release Date: 2023-0310T00:007:02Z
Why is this needed?
The step cli is a great modern utility, it should create files up-to-date with modern standards.
The text was updated successfully, but these errors were encountered: