Opened 3 weeks ago
#2685 assigned defect
I2P-Bote: Support sig types
| Reported by: | zzz | Owned by: | str4d |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | apps/plugins | Version: | 0.9.44 |
| Keywords: | Cc: | ||
| Parent Tickets: | Sensitive: | no |
Description
Testing done about a year ago confirmed that bote does not work with non-DSA signature types for destinations, even though it should.
The issue is in Util.createDestination(), where, as noted, the destination length is hardcoded to 384 bytes followed by three zeroes.
Additionally, this method calls Destination.readBytes(source, offset) which is deprecated and only supports DSA destinations. The preferred method which supports all types is static Destination.create(inputstream), and it also caches. fromByteArray(source) or readBytes(inputstream) may also be used but they do not cache.
DSA is insecure; I2P added support for signature types in late 2013. Applications should not still be hardcoded for DSA-SHA1 6 years later.
