switch repo key fingerprint to SHA-256 since SHA-1 is considered deprecated

* a number of sources have said to avoid SHA-1 in new implementations * nothing currently depends on the SHA-1 fingerprint in the code, it is only used to display on the repo list. * Java 7 requires SHA-256 to be included * keytool -list -v shows the SHA-256 fingerprint
2013-11-21 21:32:44 -05:00 · 2013-11-21 21:32:44 -05:00 · 9b485bece3
commit 9b485bece3
parent fd28883429
1 changed files with 2 additions and 1 deletions
--- a/src/org/fdroid/fdroid/ManageRepo.java
+++ b/src/org/fdroid/fdroid/ManageRepo.java
@ -233,7 +233,8 @@ public class ManageRepo extends ListActivity {
    protected String getRepoFingerprint(Repo repo) {
        String ret = null;
        try {
-            MessageDigest digest = MessageDigest.getInstance("SHA-1");
+            // keytool -list -v gives you the SHA-256 fingerprint
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            digest.update(Hasher.unhex(repo.pubkey));
            byte[] fingerprint = digest.digest();
            Formatter formatter = new Formatter(new StringBuilder());