Bug 481513

Summary:	SSH Keys: remove insecure DSA key generation
Product:	[Eclipse Project] Platform	Reporter:	Johan Ahlers <johan.ahlers>
Component:	Team	Assignee:	Platform Team Inbox <platform-team-inbox>
Status:	NEW ---	QA Contact:
Severity:	normal
Priority:	P3	CC:	bsd, johan.ahlers, kashihara, Lars.Vogel, matthias.sohn, psuzzi, twolf
Version:	4.5
Target Milestone:	---
Hardware:	PC
OS:	All
Whiteboard:

Description Johan Ahlers

2015-11-05 09:27:49 EST

DSA-1024 bit keys are considered unsecure nowadays. On the other hand Openssh struggles to work with longer DSA keys. I would suggest to remove DSA key generation completely (there is still RSA key generation which can be fixed for longer keys).

Users could still use "load existing key..." button and generate keys outside eclipse, if they really *need* DSA keys.


Steps to reprodce

1) General > Network Connections > SSH2 > Key Management > "Generate DSA Key..."

Actual Result
1024 bit DSA key

Expected Result
No DSA key generation button for DSA

Comment 1 Matthias Sohn

2015-11-05 17:33:10 EST

SSH Key management is not part of EGit but provided by Team in platform

Comment 2 Lars Vogel

2015-11-06 00:23:10 EST

Johan, care to provide a patch? See http://blog.vogella.com/2015/11/04/contributing-to-the-eclipse-ide-second-edition-available-as-paper-book-and-also-as-free-download/

Comment 3 Johan Ahlers

2015-11-14 13:30:49 EST

Lars, thanks for providing your ebook. Many pages to read ;-)

I can work on a patch. Schedule would be a weekend during december.

Comment 4 Lars Vogel

2015-11-15 09:59:00 EST

(In reply to Johan Ahlers from comment #3)
> Lars, thanks for providing your ebook. Many pages to read ;-)
> 
> I can work on a patch. Schedule would be a weekend during december.

Sounds good. Thanks.