ca-authority-key-export: use random IV

Part of: https://pagure.io/dogtagpki/issue/2666
dogtagpki · Aug 7, 2019 · 477c4f0 · 477c4f0
1 parent a47581f
commit 477c4f0
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java
@@ -106,15 +106,16 @@ public void execute(String[] args) throws Exception {
         WrappingParams params = null;
 
         if (algOid.equals(DES_EDE3_CBC_OID)) {
-            byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+            EncryptionAlgorithm encAlg = EncryptionAlgorithm.DES3_CBC_PAD;
+            byte iv[] = CryptoUtil.getNonceData(encAlg.getIVLength());
             IVParameterSpec ivps = new IVParameterSpec(iv);
 
             params = new WrappingParams(
                 SymmetricKey.DES3, KeyGenAlgorithm.DES3, 168,
-                KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD,
+                KeyWrapAlgorithm.RSA, encAlg,
                 KeyWrapAlgorithm.DES3_CBC_PAD, ivps, ivps);
 
-            aid = new AlgorithmIdentifier(algOid, new OCTET_STRING(ivps.getIV()));
+            aid = new AlgorithmIdentifier(algOid, new OCTET_STRING(iv));
         }
 
         else {