From 477c4f06fa1041557161241f8aedf36432f02b5e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Wed, 24 Jul 2019 11:36:01 +1000
Subject: [PATCH] ca-authority-key-export: use random IV
Part of: https://pagure.io/dogtagpki/issue/2666
---
 .../netscape/cmstools/authority/AuthorityKeyExportCLI.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java
index 92d4701e7d1..85c930ba9eb 100644
--- a/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/authority/AuthorityKeyExportCLI.java
@@ -106,15 +106,16 @@ public void execute(String[] args) throws Exception {
 WrappingParams params = null;
 if (algOid.equals(DES_EDE3_CBC_OID)) {
- byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ EncryptionAlgorithm encAlg = EncryptionAlgorithm.DES3_CBC_PAD;
+ byte iv[] = CryptoUtil.getNonceData(encAlg.getIVLength());
 IVParameterSpec ivps = new IVParameterSpec(iv);
 params = new WrappingParams(
 SymmetricKey.DES3, KeyGenAlgorithm.DES3, 168,
- KeyWrapAlgorithm.RSA, EncryptionAlgorithm.DES3_CBC_PAD,
+ KeyWrapAlgorithm.RSA, encAlg,
 KeyWrapAlgorithm.DES3_CBC_PAD, ivps, ivps);
- aid = new AlgorithmIdentifier(algOid, new OCTET_STRING(ivps.getIV()));
+ aid = new AlgorithmIdentifier(algOid, new OCTET_STRING(iv));
 } else {