RFR 8171190: Bump reference of NIST 800-57 Part 1 Rev 3 to Rev 4 in JarSigner API spec
Xuelei Fan
xuelei.fan at oracle.com
Wed Dec 14 02:28:51 UTC 2016
Looks fine to me.
Xuelei
On 12/13/2016 6:09 PM, Wang Weijun wrote:
> NIST 800-57 Part 1 has a new revision. The lines below are newly introduced in jdk9.
>
> diff --git a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
> --- a/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
> +++ b/src/java.base/share/classes/sun/security/x509/AlgorithmId.java
> @@ -1024,7 +1024,7 @@
> }
> }
>
> - // Values from SP800-57 part 1 rev 3 tables 2 and three
> + // Values from SP800-57 part 1 rev 4 tables 2 and 3
> private static String ecStrength (int bitLength) {
> if (bitLength >= 512) { // 256 bits of strength
> return "SHA512";
> @@ -1035,7 +1035,7 @@
> }
> }
>
> - // same values for RSA and DSA
> + // Same values for RSA and DSA
> private static String ifcFfcStrength (int bitLength) {
> if (bitLength > 7680) { // 256 bits
> return "SHA512";
> diff --git a/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java b/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
> --- a/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
> +++ b/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java
> @@ -430,7 +430,7 @@
> * SHA384withECDSA for a 384-bit EC key.
> *
> * @implNote This implementation makes use of comparable strengths
> - * as defined in Tables 2 and 3 of NIST SP 800-57 Part 1-Rev.3.
> + * as defined in Tables 2 and 3 of NIST SP 800-57 Part 1-Rev.4.
> * Specifically, if a DSA or RSA key with a key size greater than 7680
> * bits, or an EC key with a key size greater than or equal to 512 bits,
> * SHA-512 will be used as the hash function for the signature.
>
> Thanks
> Max
>
More information about the security-dev
mailing list