Code Review Request, JDK-8172869 4096 is not supported yet for the DH Parameter Generator

Xuelei Fan xuelei.fan at oracle.com
Tue Jan 24 20:09:03 UTC 2017


On 1/24/2017 11:46 AM, Anthony Scarpino wrote:
> On 01/24/2017 11:24 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this spec documentation update:
>>     http://cr.openjdk.java.net/~xuelei/8172869/webrev.00/
>>
>> In the java.security.AlgorithmParameterGenerator specification, 4096
>> bits DH parameter generator is specified as a required feature.
>>
>> However, the 4096 bits DH parameter generator is not supported yet in
>> JDK.  Although the 4096 bits DH key generation is supported, but it uses
>> the predefined DH parameters.
>>
>> This update removes the 4096 bits DH parameter generator requirement
>> from the java.security.AlgorithmParameterGenerator specification.
>>
>> Thanks,
>> Xuelei
>
> The change looks fine, but does it make sense to mention that 4k bit DH
> uses predefined parameters in the this section or somewhere else?
>
As it is an implementation details of JDK, I was wondering to state it 
in the KeyPairGenerator section in Oracle Providers documentation.  I 
filed a sub-task of JDK-8015388 to track this doc update.

     https://bugs.openjdk.java.net/browse/JDK-8173298

Thanks,
Xuelei


More information about the security-dev mailing list