RFR 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms

Weijun Wang weijun.wang at oracle.com
Mon Jan 23 10:02:42 UTC 2017


Hi All

Please review

    http://cr.openjdk.java.net/~weijun/8171319/webrev.00/

Warnings are printed to System.err when weak algorithms/keysizes are 
detected during execution. This includes input, output, and any 
certs used.

The detection applies to many keytool functions:

- generation of certificate, certificate request, CRL
- reading (printing, listing, exporting) of above
- importing of a certificate or certificate reply

The behavior of most functions remains unchanged. The only exception is 
"keytool -importcert", where the user must reply to a prompt if weak 
algorithms/keysizes are detected, unless -noprompt is specified on the 
command line.

Warnings are either printed at the end, or before a prompt.

If there are multiple weak points, multiple warnings will be printed.

The detection is based on the security property 
jdk.certpath.disabledAlgorithms.

For example:

$ keytool -genkeypair -alias a -dname CN=a -keyalg RSA -sigalg MD5withRSA

Warning:
The MD5withRSA signature algorithm is considered a security risk.

$ keytool -keystore ks -storepass changeit -keypass changeit -list

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

b, Jan 23, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 
D8:46:B7:0B:8B:97:C2:DE:A2:17:62:01:27:82:2B:CE:B1:9B:12:0B:24:D5:47:BF:BD:54:EE:8A:71:29:2B:CE
a, Jan 23, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 
66:70:DF:11:14:A1:96:58:92:F5:6A:10:09:B1:2F:CC:1C:CC:2D:55:47:1D:EE:74:75:AA:26:63:E4:9D:EA:83

Warning:
<b>'s 512-bit RSA key is considered a security risk.
<a>'s MD5withRSA signature algorithm is considered a security risk.

$ keytool -importcert -alias a -file b+a.certs

Warning:
Reply #2 of 2's 512-bit RSA key is considered a security risk.

Install reply anyway? [no]:no
Certificate reply was not installed in keystore

Thanks
Max
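
An added example, not part of the original message and not keytool's code: a simplified matcher showing how entries in jdk.certpath.disabledAlgorithms can flag a signature algorithm or key size. The class name WeakAlgCheck, the sample property value, the warning wording, and the signature algorithm of "b" and key size of "a" are assumptions constructed for illustration.

```java
import java.util.*;

// Added illustration, not keytool's code. Simplified matcher for the
// jdk.certpath.disabledAlgorithms syntax: handles "NAME" and
// "NAME keySize OP N"; entries carrying other constraints (for example
// jdkCA or usage) are skipped rather than evaluated.
public class WeakAlgCheck {
    // Constructed sample value. A real run would read
    // java.security.Security.getProperty("jdk.certpath.disabledAlgorithms").
    static final String PROP =
        "MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024";

    static boolean violates(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            case "==": return bits == limit;
            case "!=": return bits != limit;
            default:   return false;
        }
    }

    static List<String> check(String alias, String sigAlg, String keyAlg,
                              int keyBits, String prop) {
        // Split "MD5withRSA" into {MD5, RSA} so a bare "MD5" entry matches.
        Set<String> parts = new HashSet<>(Arrays.asList(
            sigAlg.toUpperCase(Locale.ROOT).split("WITH|AND|/")));
        Set<String> out = new LinkedHashSet<>();
        for (String entry : prop.split(",")) {
            String[] t = entry.trim().split("\\s+");
            if (t.length == 1 && parts.contains(t[0].toUpperCase(Locale.ROOT))) {
                out.add("<" + alias + ">'s " + sigAlg + " signature algorithm is weak");
            } else if (t.length == 4 && t[1].equalsIgnoreCase("keySize")
                    && t[0].equalsIgnoreCase(keyAlg)
                    && violates(keyBits, t[2], Integer.parseInt(t[3]))) {
                out.add("<" + alias + ">'s " + keyBits + "-bit " + keyAlg + " key is weak");
            }
        }
        return new ArrayList<>(out);
    }

    public static void main(String[] args) {
        // Constructed entries modelled on the aliases in the message above.
        System.out.println(check("b", "SHA256withRSA", "RSA", 512, PROP));
        System.out.println(check("a", "MD5withRSA", "RSA", 2048, PROP));
    }
}
```

Because constrained entries such as "SHA1 jdkCA & usage TLSServer" are skipped, this sketch under-reports compared with the JDK's own constraint checking.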


