[10] RFR 8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
Sean Mullan
sean.mullan at oracle.com
Tue Aug 8 12:22:26 UTC 2017
I don't think we should warn at all if the keysize cannot be determined
or is inaccessible. The corresponding algorithm constraints checks don't
restrict keys whose size cannot be determined, so keytool and jarsigner
should be consistent.
--Sean
On 8/8/17 1:49 AM, Weijun Wang wrote:
> Please review this trivial fix at
>
> http://cr.openjdk.java.net/~weijun/8185934/webrev.00/
>
> KeyUtil.getSize() are also called elsewhere when they key is weak, where key length is not -1.
>
> Noreg-trivial.
>
> Thanks
> Max
>
More information about the security-dev
mailing list