RFR[11] JDK-8146293 "Add Support for RSA-PSS Signature Algorithm as in PKCS#1 v2.2"

Xuelei Fan xuelei.fan at oracle.com
Wed Apr 18 16:52:24 UTC 2018


The algorithm name decomposer implementation for algorithm restrictions 
depends on the pattern:
    <digest>with<encryption>

Using the same "encryption" name for signature and PKCS#1 could be 
easier for applications if there is a need  to decompose the algorithms.

Xuelei

On 4/16/2018 11:40 AM, Sean Mullan wrote:
> On 4/13/18 3:25 PM, Bradford Wetmore wrote:
>> SunRsaSignEntries.java
>> ----------------------
>> 145:  Where did you come up with this convention for your aliases?
>>
>>      SHA1withRSA-PSS
>>
>> I see Bouncy Castle[1] and Android[2] are both using:
>>
>>      SHA*withRSA/PSS
>>      RSASSA-PSS (name from PKCS#1)
>>
>> [1] 
>> https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 
>>
>> [2] https://developer.android.com/reference/java/security/Signature.html
>>
>> but we have neither style.
> 
> Since these standard names have not yet been defined, we don't 
> necessarily have to be consistent, but I don't see a good enough reason 
> for us to name them differently, so to help with compatibility I would 
> go with the names above.
> 
> --Sean


More information about the security-dev mailing list