RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v7]

Valerie Peng valeriep at openjdk.java.net
Tue Mar 22 21:25:28 UTC 2022

> It's been several years since we increased the default key sizes. Before shifting to PQC, NSA replaced its Suite B cryptography recommendations with the Commercial National Security Algorithm Suite which suggests:
> - SHA-384 for secure hashing
> - AES-256 for symmetric encryption
> - RSA with 3072 bit keys for digital signatures and for key exchange
> - Diffie Hellman (DH) with 3072 bit keys for key exchange
> - Elliptic curve [P-384] for key exchange (ECDH) and for digital signatures (ECDSA)
> So, this proposed changes made the suggested key size and algorithm changes. The changes are mostly in keytool, jarsigner and their regression tests, so @wangweij Could you please take a look?
> Thanks!

Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:

  Minor code refactoring


  - all: https://git.openjdk.java.net/jdk/pull/7652/files
  - new: https://git.openjdk.java.net/jdk/pull/7652/files/c8ae1655..1eb63292

 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7652&range=06
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7652&range=05-06

  Stats: 20 lines in 1 file changed: 1 ins; 7 del; 12 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7652.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7652/head:pull/7652

PR: https://git.openjdk.java.net/jdk/pull/7652

More information about the compiler-dev mailing list