Bump default key length to 2048 and change fingerprint to SHA1 (#3555)

rkoster · web-flow · commit 9941def05eca · 2023-12-15T16:28:32.000+01:00
diff --git a/Gemfile b/Gemfile
@@ -40,6 +40,7 @@ gem 'sequel', '~> 5.75'
 gem 'sequel_pg', require: 'sequel'
 gem 'sinatra', '~> 3.1'
 gem 'sinatra-contrib'
+gem 'sshkey'
 gem 'statsd-ruby', '~> 1.5.0'
 gem 'steno'
 gem 'talentbox-delayed_job_sequel', '~> 4.3.0'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -527,6 +527,7 @@ GEM
     spring (4.1.3)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
+    sshkey (3.0.0)
     statsd-ruby (1.5.0)
     steno (1.3.4)
       fluent-logger
@@ -651,6 +652,7 @@ DEPENDENCIES
   spork!
   spring
   spring-commands-rspec
+  sshkey
   statsd-ruby (~> 1.5.0)
   steno
   talentbox-delayed_job_sequel (~> 4.3.0)
diff --git a/lib/cloud_controller/diego/ssh_key.rb b/lib/cloud_controller/diego/ssh_key.rb
@@ -1,10 +1,11 @@
 require 'net/ssh'
+require 'sshkey'
 
 module VCAP
   module CloudController
     module Diego
       class SSHKey
-        def initialize(bits=1024)
+        def initialize(bits=2048)
           @bits = bits
         end
 
@@ -21,7 +22,9 @@ def authorized_key
           end
         end
 
-        delegate :fingerprint, to: :key
+        def fingerprint
+          @fingerprint ||= ::SSHKey.new(key.to_der).sha1_fingerprint
+        end
 
         private
 
diff --git a/spec/unit/lib/cloud_controller/diego/ssh_key_spec.rb b/spec/unit/lib/cloud_controller/diego/ssh_key_spec.rb
@@ -32,6 +32,13 @@ module Diego
           expect(key1).to eq(key2)
         end
       end
+
+      describe '#fingerprint' do
+        it 'returns an sha1 fingerprint' do
+          ssh_key = SSHKey.new(1024)
+          expect(ssh_key.fingerprint).to match(/([0-9a-f]{2}:){19}[0-9a-f]{2}/)
+        end
+      end
     end
   end
 end
