SHA1 deprecation for codesigning? (Was: RFR : 8038837:Add support to jarsigner for specifying timestamp hash algorithm)

ecki at zusammenkunft.net ecki at zusammenkunft.net
Wed Jan 27 16:43:23 UTC 2016


BTW, is there any SHA1 deprecation planned/expected for JNLP code signing?

-- 
http://bernd.eckenfels.net

-----Original Message-----
From: "Seán Coffey" <sean.coffey at oracle.com>
To: "security-dev at openjdk.java.net" <security-dev at openjdk.java.net>
Sent: Mi., 27 Jan. 2016 17:40
Subject: RFR : 8038837:Add support to jarsigner for specifying timestamp hash algorithm

Hi,

I'd like to backport this enhancement to JDK 8u. It's been approved via 
CCC process already.

The fix differs to that in JDK 9 in that I've chosen not to update the 
JDK 9 deprecated ContentSignerParameters interface. That was a request 
from Dev engineer.

For jdk8u, the tSAPolicyID value is obtained from the 
JarSignerParameters class. I've moved that class to its own source file. 
Build and tests are green.

webrev : http://cr.openjdk.java.net/~coffeys/webrev.8038837.8u/webrev*/
*bug report : https://bugs.openjdk.java.net/browse/JDK-8038837

-- 
Regards,
Sean.



More information about the security-dev mailing list