From a89fb17f9fe80ad49397d1b533f59f1e8d4cc7a0 Mon Sep 17 00:00:00 2001
From: exceptionfactory <exceptionfactory@apache.org>
Date: Mon, 6 Nov 2023 21:16:43 -0600
Subject: [PATCH] NIFI-12328 Updated OpenPGP test Key Generator Settings

- Updated DSA Key Size from 1024 to 2048
- Updated Content Signer Algorithm from SHA-1 to SHA-256

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7992.
---
 .../org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java  | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
index fb6c7fd024..25568955d8 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
@@ -47,7 +47,7 @@ public class PGPSecretKeyGenerator {
 
     private static final String DSA_KEY_ALGORITHM = "DSA";
 
-    private static final int DSA_KEY_SIZE = 1024;
+    private static final int DSA_KEY_SIZE = 2048;
 
     private static final String ELGAMAL_KEY_ALGORITHM = "ELGAMAL";
 
@@ -55,8 +55,6 @@ public class PGPSecretKeyGenerator {
 
     private static final int KEY_ENCRYPTION_ALGORITHM = PGPEncryptedData.AES_256;
 
-    private static final int HASH_ALGORITHM = HashAlgorithmTags.SHA1;
-
     /**
      * Generate Secret Keyring containing DSA and ElGamal Key Pairs
      *
@@ -122,10 +120,11 @@ public class PGPSecretKeyGenerator {
     }
 
     private static PGPContentSignerBuilder getContentSignerBuilder(final int algorithm) {
-        return new JcaPGPContentSignerBuilder(algorithm, HASH_ALGORITHM);
+        return new JcaPGPContentSignerBuilder(algorithm, HashAlgorithmTags.SHA256);
     }
 
     private static PGPDigestCalculator getDigestCalculator() throws PGPException {
-        return new JcaPGPDigestCalculatorProviderBuilder().build().get(HASH_ALGORITHM);
+        // RFC 4880 Section 5.5.3 requires SHA-1 for Secret-Key hash calculation
+        return new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA1);
     }
 }