JDK 9 and JCE code signing (where and sha1WithDSA 1024?)

Bradford Wetmore bradford.wetmore at oracle.com
Mon Nov 21 23:02:01 UTC 2016 


On 11/21/2016 4:48 AM, Sean Mullan wrote:
> On 11/20/16 2:57 PM, Bernd Eckenfels wrote:
>> Hello,
>>
>> how will the JCE Provider signing in Java 9 work? Are the jmod files
>> signed (I dont see a signature in them in the Windows EA builds)?
>
> Third party JCE providers still need to be signed as a JAR file.

To expand a bit.

There are the usual JCE 3rd party signed code checks, so code must be 
signed by one of the certs mentioned by Sean in his previous post.

JCE providers must still be packaged as signed jars.  Depending on the 
jar contents and how they are loaded (via classpath/modulepath), they 
will be treated as either unnamed modules (classpath) or modular jars 
(module-info.class: automatic/named modules).  The new Module System 
(JEP 261) rules apply.

There is no signed modules (jmod) support in JDK 9.  Attempts to use 
jlink to pull in signed jars will fail by default.  If you force jlink 
to build an image (JDK-8159393: --ignore-signing-information), the code 
will be treated as unsigned (i.e. no JCE third party code), and provider 
verification will later fail.

Thanks,
Brad

P.S.  Of course, if you simply add module information to an existing 
signed jar, it will need to be resigned.


>> On the BouncyCastle Crypto mailing list there has been a discussion
>> that currently JCE code signing (of Jars) is done with a SHA1 chained
>> 1024 bit DSA signature.
>>
>> https://www.bouncycastle.org/devmailarchive/msg14905.html
>>
>> Will that change to actually allow SHA-1 to be
>> turned off? Does the JAR-path checking security attribute also apply to
>> any (possible) JMOD signatures?
>>
>> Oracle's planned changes do not include as far as I can see any changes
>> here. I dont mind much that JCE policy is enforced by an older
>> algorithm, but it makes it impossible to globally turn off SHA1 and DSA
>> (1024).
>
> This information below is specific to Oracle's JDK, so it is best
> discussed in a different forum. In short though, here is some
> information you may find useful:
>
> We have recently upgraded Oracle's JCE CA to use stronger algorithms
> (SHA-256 and 2048-bit keys). It was released in JDK 8u111, 7u121, 6u131.
> More information is here (see "New JCE Code Signing Root CA":
> http://www.oracle.com/technetwork/java/javase/8u111-relnotes-3124969.html
>
> You can now request a new JCE code signing certificate that uses
> stronger algorithms. However, this certificate will only work on
> releases on or after the above releases. Thus, we recommend that if you
> do need to support older releases, you keep the signature on the
> existing JAR and re-sign it with the new certificate/key -- which means
> the resulting signed JAR will have 2 signatures.
>
> --Sean

More information about the security-dev mailing list