Opened 16 months ago

#2685 assigned defect

I2P-Bote: Support sig types

Reported by: zzz Owned by: str4d
Priority: major Milestone: undecided
Component: apps/plugins Version: 0.9.44
Keywords: Cc:
Parent Tickets: Sensitive: no


Testing done about a year ago confirmed that bote does not work with non-DSA signature types for destinations, even though it should.

The issue is in Util.createDestination(), where, as noted, the destination length is hardcoded to 384 bytes followed by three zeroes.

Additionally, this method calls Destination.readBytes(source, offset) which is deprecated and only supports DSA destinations. The preferred method which supports all types is static Destination.create(inputstream), and it also caches. fromByteArray(source) or readBytes(inputstream) may also be used but they do not cache.

DSA is insecure; I2P added support for signature types in late 2013. Applications should not still be hardcoded for DSA-SHA1 6 years later.


Change History (0)

Note: See TracTickets for help on using tickets.