beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

httpd: always use an opaque signing key

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2024-11-12 19:27:34 +01:00
parent 4cb6acefb2
commit 618723c457
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
internal/httpd/httpd.go
View file

@ -1309,11 +1309,14 @@ func stopCleanupTicker() {
}
func getSigningKey(signingPassphrase string) []byte {
var key []byte
if signingPassphrase != "" {
sk := sha256.Sum256([]byte(signingPassphrase))
return sk[:]
key = []byte(signingPassphrase)
} else {
key = util.GenerateRandomBytes(32)
}
return util.GenerateRandomBytes(32)
sk := sha256.Sum256(key)
return sk[:]
}
// SetInstallationCodeResolver sets a function to call to resolve the installation code