[security-dev 00888]: code review request 6570344 Invalid RSA OID in sun.security.x509.AlgorithmId
Xuelei Fan
Xuelei.Fan at Sun.COM
Wed Jun 10 07:37:13 UTC 2009
Hi,
The RSA OID from sun.security.x509.AlgorithmId is 1.2.5.8.1.1. However
no such OID seems to exist. The correct one should be 2.5.8.1.1.
ITU-T X.509 defined RSA encryption algorithm as:
id-ea-rsa = {joint-iso-itu-t(2) ds(5) algorithm(8)
encryptionAlgorithm(1) rsa(1)}
rsa ALGORITHM ::= {
KeySize
IDENTIFIED BY id-ea-rsa
}
However, the industry does not use the above specification, a serial of
definitions of PKCS#1 are adopted instead (the PKIX WG of IETF adopts
the PKCS#1 definitions). I think that is also why we did not get issue
report on parsing a certificate with such a OID. BTW there is a defect
report to deprecate the above definition. [1]
Anyway, I think we need to correct "1.2.5.8.1.1" to "2.5.8.1.1" even no
practical certificate issues reported by now.
Webrev: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/
Bug description: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/
[1]:
http://www.oid-info.com/cgi-bin/display?oid=2.5.8.1.1&submit=Display&action=display
Thanks,
Xuelei
More information about the security-dev
mailing list