Update signing examples to use sha512

assets/signing/sign-message.R

@@ -33,6 +33,6 @@ message <- enc2utf8(commandArgs(trailingOnly = TRUE))
 key <- read_key(file = mykey, password = mypass)
 
 # Create the signature
-sig <- signature_create(serialize(message, NULL), key = key)
+sig <- signature_create(serialize(message, NULL), hash = sha512, key = key) # Use hash = sha1 for QZ Tray 2.0 and older
 
 print(sig)

assets/signing/sign-message.asp

@@ -38,7 +38,7 @@ pk.LoadPemFile("private-key.pem")
 key = pk.GetXml()
 rsa.ImportPrivateKey(key)
 rsa.EncodingMode = "base64"
-sig = rsa.SignStringENC(data,"sha-1")
+sig = rsa.SignStringENC(data,"SHA-512") ' Use "SHA-1" for QZ Tray 2.0 and older
 
 Response.ContentType = "text/plain"
 Response.Write Server.HTMLEncode(sig)

assets/signing/sign-message.cfm

@@ -34,7 +34,8 @@
 * @encoding I am the encoding used when returning the signature (base64 by default).
 * @output false
 */
-public any function sign(required string keyPath, required string message, string algorithm = "SHA1withRSA", string encoding = "base64") {
+public any function sign(required string keyPath, required string message, string algorithm = "SHA512withRSA", string encoding = "base64") {
+	// Note: change algorithm to "SHA1withRSA" for QZ Tray 2.0 and older
 	createObject("java", "java.security.Security")
 		.addProvider(createObject("java", "org.bouncycastle.jce.provider.BouncyCastleProvider").init());
 	privateKey = createPrivateKey(fileRead(expandPath(keyPath)));

assets/signing/sign-message.cs

@@ -40,8 +40,8 @@ public static string SignMessage(string request)
         var cert = new X509Certificate2(KEY, PASS, STORAGE_FLAGS);
         RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PrivateKey;
         byte[] data = new ASCIIEncoding().GetBytes(request);
-        byte[] hash = new SHA1CryptoServiceProvider().ComputeHash(data);
-        return Convert.ToBase64String(csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1")));
+        byte[] hash = new SHA512CryptoServiceProvider().ComputeHash(data);  // Use SHA1CryptoServiceProvider for QZ Tray 2.0 and older
+        return Convert.ToBase64String(csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA512"))); // Use "SHA1" for QZ Tray 2.0 and older
     }
     catch(Exception ex)
     {

assets/signing/sign-message.go

@@ -67,7 +67,7 @@ func handler(w http.ResponseWriter, r *http.Request) {
 
 	hash := sha1.Sum([]byte(data))
 	rng := rand.Reader
-	signature, err := rsa.SignPKCS1v15(rng, rsaPrivateKey, crypto.SHA1, hash[:])
+	signature, err := rsa.SignPKCS1v15(rng, rsaPrivateKey, crypto.SHA512, hash[:]) // Use crypto.SHA1 for QZ Tray 2.0 and older
 	if err != nil {
 		displayError(w, "Error from signing: %s\n", err)
 		return

assets/signing/sign-message.java

@@ -82,7 +82,7 @@ public MessageSigner(byte[] keyData) throws Exception {
         PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(parseKeyData(keyData));
         KeyFactory kf = KeyFactory.getInstance("RSA");
         PrivateKey key = kf.generatePrivate(keySpec);
-        sig = Signature.getInstance("SHA1withRSA");
+        sig = Signature.getInstance("SHA512withRSA"); // Use "SHA1withRSA" for QZ Tray 2.0 and older
         sig.initSign(key);
     }
 

assets/signing/sign-message.js

@@ -67,11 +67,12 @@ var privateKey = "-----BEGIN PRIVATE KEY-----\n" +
    "EjzSn7DcDE1tL2En/tSVXeUY\n" +
    "-----END PRIVATE KEY-----";
 
+qz.security.setSignatureAlgorithm("SHA512"); // Since 2.1
 qz.security.setSignaturePromise(function(toSign) {
     return function(resolve, reject) {
         try {
             var pk = KEYUTIL.getKey(privateKey);
-            var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
+            var sig = new KJUR.crypto.Signature({"alg": "SHA512withRSA"});  // Use "SHA1withRSA" for QZ Tray 2.0 and older
             sig.init(pk); 
             sig.updateString(toSign);
             var hex = sig.sign();

assets/signing/sign-message.jsl

@@ -36,7 +36,7 @@ let request = "test data"
 // openssl pkcs12 -export -in private-key.pem -inkey digital-certificate.txt -out private-key.pfx
 let cert = new X509Certificate2("private-key.pfx")
 
-let sha1 = new SHA1CryptoServiceProvider()
+let sha1 = new SHA512CryptoServiceProvider() // Use "SHA1CryptoServiceProvider" for QZ Tray 2.0 and older
 
 let csp = cert.PrivateKey :?> RSACryptoServiceProvider
 let encoder = new ASCIIEncoding()

assets/signing/sign-message.jsp

@@ -57,7 +57,7 @@ private String getSignature(Object o) {
 		PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyData);
 		KeyFactory kf = KeyFactory.getInstance("RSA");
 		PrivateKey key = kf.generatePrivate(keySpec);
-		Signature sig = Signature.getInstance("SHA1withRSA");
+		Signature sig = Signature.getInstance("SHA512withRSA"); // Use "SHA1withRSA" for QZ Tray 2.0 and older
 		sig.initSign(key);
 		sig.update(req.getBytes());
 		String output = DatatypeConverter.printBase64Binary(sig.sign());

assets/signing/sign-message.node.js

@@ -32,7 +32,7 @@ app.get('/sign', function(req, res) {
     var toSign = req.query.requestToSign;
 
     fs.readFile(path.join(__dirname, '\\' + key), 'utf-8', function(err, privateKey) {
-        var sign = crypto.createSign('SHA1');
+        var sign = crypto.createSign('SHA512'); // Use "SHA1" for QZ Tray 2.0 and older
 
         sign.update(toSign);
         var signature = sign.sign({ key: privateKey/*, passphrase: pass */ }, 'base64');

assets/signing/sign-message.odoo.py

@@ -38,6 +38,6 @@ def index(self, **kwargs):
         key_file.close()
         password = None
         pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key, password)
-        sign = crypto.sign(pkey, kwargs.get('request', ''), 'sha1')
+        sign = crypto.sign(pkey, kwargs.get('request', ''), 'sha512') # Use 'sha1' for QZ Tray 2.0 and older
         data_base64 = base64.b64encode(sign)
         return request.make_response(data_base64, [('Content-Type', 'text/plain')])

assets/signing/sign-message.php

@@ -30,12 +30,13 @@
 $privateKey = openssl_get_privatekey(file_get_contents($KEY) /*, $PASS */);
 
 $signature = null;
-openssl_sign($req, $signature, $privateKey);
+openssl_sign($req, $signature, $privateKey, "sha512"); // Use "sha1" for QZ Tray 2.0 and older
 
 /*
 // Or alternately, via phpseclib
 include('Crypt/RSA.php');
 $rsa = new Crypt_RSA();
+$rsa.setHash('sha512'); // Use 'sha1' for QZ Tray 2.0 and older
 $rsa->loadKey(file_get_contents($KEY));
 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
 $signature = $rsa->sign($req);

assets/signing/sign-message.pl

@@ -46,7 +46,7 @@
 my $rsa = Crypt::OpenSSL::RSA->new_private_key($private_key);
 
 # Create signature
-$rsa->use_sha1_hash();
+$rsa->use_sha512_hash(); # use_sha1_hash for QZ Tray 2.0 and older
 my $sig = encode_base64($rsa->sign($request));
 
 print $sig;

assets/signing/sign-message.py

@@ -47,7 +47,7 @@ def index(request):
     )
 
     # Create the signature
-    signature = key.sign(message.encode('utf-8'), padding.PKCS1v15(), hashes.SHA1())
+    signature = key.sign(message.encode('utf-8'), padding.PKCS1v15(), hashes.SHA512()) # Use hashes.SHA1 for QZ Tray 2.0 and older
 
     # Echo the signature
     return HttpResponse(base64.b64encode(signature), content_type="text/plain")

assets/signing/sign-message.rb

@@ -25,7 +25,7 @@
 # Typical rails controller
 class PrintingController < ActionController::Base
   def sign
-    digest   = OpenSSL::Digest.new('sha1')
+    digest   = OpenSSL::Digest.new('sha512') # Use 'sha1' for QZ Tray 2.0 and older
     pkey     = OpenSSL::PKey::read(File.read(Rails.root.join('lib', 'certs', 'private-key.pem')))
 
     signed   = pkey.sign(digest, params[:request])

assets/signing/sign-message.ts

@@ -35,13 +35,14 @@ qz.security.setCertificatePromise((resolve, reject) => {
 /*
  * Client-side using jsrsasign
  */
+qz.security.setSignatureAlgorithm("SHA512"); // Since 2.1
 qz.security.setSignaturePromise(hash => {
  return (resolve, reject) => {
   fetch("assets/private-key.pem", {cache: 'no-store', headers: {'Content-Type': 'text/plain'}})
    .then(wrapped => wrapped.text())
    .then(data => {
      var pk = KEYUTIL.getKey(data);
-     var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA"});
+     var sig = new KJUR.crypto.Signature({"alg": "SHA512withRSA"}); // Use "SHA1withRSA" for QZ Tray 2.0 and older
      sig.init(pk);
      sig.updateString(hash);
      var hex = sig.sign();

assets/signing/sign-message.vb

@@ -32,9 +32,9 @@ Public Sub SignMessage(message As String)
 	Dim csp As RSACryptoServiceProvider = CType(cert.PrivateKey,RSACryptoServiceProvider)
 
 	Dim data As Byte() = New ASCIIEncoding().GetBytes(message)
-	Dim hash As Byte() = New SHA1Managed().ComputeHash(data)
+	Dim hash As Byte() = New SHA512Managed().ComputeHash(data) ' Use SHA1Managed() for QZ Tray 2.0 and older
 
 	Response.ContentType = "text/plain"
-	Response.Write(Convert.ToBase64String(csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"))))
+	Response.Write(Convert.ToBase64String(csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA512")))) ' Use "SHA1" for QZ Tray 2.0 and older
 	Environment.[Exit](0)
 End Sub

assets/signing/sign_message.erl

@@ -45,6 +45,6 @@ sign(Message, KeyPath) ->
   {ok, Data} = file:read_file(KeyPath),
   [KeyEntry] =  public_key:pem_decode(Data),
   PrivateKey = public_key:pem_entry_decode(KeyEntry),
-  Signature = public_key:sign(list_to_binary(Message), sha, PrivateKey),
+  Signature = public_key:sign(list_to_binary(Message), sha512, PrivateKey), % Use sha1 for QZ Tray 2.0 and older
   Base64 = base64:encode(Signature),
   io:fwrite(Base64).

sample.html

@@ -1224,6 +1224,7 @@ <h4 class="panel-title">Options</h4>
                 "-----END CERTIFICATE-----\n");
     });
 
+    qz.security.setSignatureAlgorithm("SHA512"); // Since 2.1
     qz.security.setSignaturePromise(function(toSign) {
         return function(resolve, reject) {
             //Preferred method - from server