Merge pull request #221 from bastelfreak/des

password encryption: switch from des3->aes-256-cbc
voxpupuli · Jul 18, 2024 · c06b14a · c06b14a
2 parents cac0733 + 35160e1
commit c06b14a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/lib/puppet/provider/ssl_pkey/openssl.rb b/lib/puppet/provider/ssl_pkey/openssl.rb
@@ -25,7 +25,7 @@ def self.generate_key(resource)
 
   def self.to_pem(resource, key)
     if resource[:password]
-      cipher = OpenSSL::Cipher.new('des3')
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
       key.to_pem(cipher, resource[:password])
     else
       key.to_pem

diff --git a/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb b/spec/unit/puppet/provider/ssl_pkey/openssl_spec.rb
@@ -42,7 +42,7 @@
       it 'creates with given password' do
         resource[:password] = '2x$5{'
         allow(OpenSSL::PKey::RSA).to receive(:new).with(2048).and_return(key)
-        allow(OpenSSL::Cipher).to receive(:new).with('des3')
+        expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc')
         expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String))
         resource.provider.create
       end
@@ -72,7 +72,7 @@
         resource[:authentication] = :rsa
         resource[:password] = '2x$5{'
         allow(OpenSSL::PKey::RSA).to receive(:new).with(2048).and_return(key)
-        allow(OpenSSL::Cipher).to receive(:new).with('des3')
+        expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc')
         expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String))
         resource.provider.create
       end
@@ -102,7 +102,7 @@
         resource[:authentication] = :dsa
         resource[:password] = '2x$5{'
         allow(OpenSSL::PKey::DSA).to receive(:new).with(2048).and_return(key)
-        allow(OpenSSL::Cipher).to receive(:new).with('des3')
+        expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc')
         expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String))
         resource.provider.create
       end
@@ -134,7 +134,7 @@
         resource[:authentication] = :ec
         resource[:password] = '2x$5{'
         allow(OpenSSL::PKey::EC).to receive(:new).with('secp384r1').and_return(key)
-        allow(OpenSSL::Cipher).to receive(:new).with('des3')
+        expect(OpenSSL::Cipher).to receive(:new).with('aes-256-cbc')
         expect(File).to receive(:write).with('/tmp/foo.key', kind_of(String))
         resource.provider.create
       end