In case MD5 is used as the digest algorithm the error returned is pkcs7: cannot decrypt data: only RSA, DES, DES-EDE3, AES-256-CBC and AES-128-GCM supported. This is an unexpected error message, and can lead to confusion. It's returned here:
|
func getHashForOID(oid asn1.ObjectIdentifier) (crypto.Hash, error) { |
|
switch { |
|
case oid.Equal(OIDDigestAlgorithmSHA1), oid.Equal(OIDDigestAlgorithmECDSASHA1), |
|
oid.Equal(OIDDigestAlgorithmDSA), oid.Equal(OIDDigestAlgorithmDSASHA1), |
|
oid.Equal(OIDEncryptionAlgorithmRSA): |
|
return crypto.SHA1, nil |
|
case oid.Equal(OIDDigestAlgorithmSHA256), oid.Equal(OIDDigestAlgorithmECDSASHA256): |
|
return crypto.SHA256, nil |
|
case oid.Equal(OIDDigestAlgorithmSHA384), oid.Equal(OIDDigestAlgorithmECDSASHA384): |
|
return crypto.SHA384, nil |
|
case oid.Equal(OIDDigestAlgorithmSHA512), oid.Equal(OIDDigestAlgorithmECDSASHA512): |
|
return crypto.SHA512, nil |
|
} |
|
return crypto.Hash(0), ErrUnsupportedAlgorithm |
|
} |
. It should likely become a different sentinel error message, but we may need a new version for that, because it's currently exported, and could thus be a backwards incompatible change.
Also see smallstep/certificates#2100.
Another case: micromdm/scep#224.
