From 6a275a0a2f985a3ac734fd6d53f7569b039a2864 Mon Sep 17 00:00:00 2001
From: mikera <mike@mikera.net>
Date: Mon, 29 Jan 2024 13:43:46 +0000
Subject: [PATCH] Increase default iteration count to 4096 for PBE PEM

---
 convex-core/src/main/java/convex/core/crypto/PEMTools.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/convex-core/src/main/java/convex/core/crypto/PEMTools.java b/convex-core/src/main/java/convex/core/crypto/PEMTools.java
index 40c5809e5..8f1dd9e98 100644
--- a/convex-core/src/main/java/convex/core/crypto/PEMTools.java
+++ b/convex-core/src/main/java/convex/core/crypto/PEMTools.java
@@ -92,8 +92,9 @@ public static String encryptPrivateKeyToPEM(PrivateKey privateKey, char[] passwo
 		StringWriter stringWriter = new StringWriter();
 		JcaPEMWriter writer = new JcaPEMWriter(stringWriter);
 		
-		JcePKCSPBEOutputEncryptorBuilder builder = new JcePKCSPBEOutputEncryptorBuilder(PKCS8Generator.PBE_SHA1_RC2_128);
 		try {
+			JcePKCSPBEOutputEncryptorBuilder builder = new JcePKCSPBEOutputEncryptorBuilder(PKCS8Generator.PBE_SHA1_RC2_128);
+			builder.setIterationCount(4096); // TODO: double check requirements here?
 			OutputEncryptor encryptor = builder.build(password);
 			JcaPKCS8Generator generator = new JcaPKCS8Generator(privateKey, encryptor);
 			writer.writeObject(generator);