RFR[11] JDK-8146293 "Add Support for RSA-PSS Signature Algorithm as in PKCS#1 v2.2"

Anthony Scarpino anthony.scarpino at oracle.com
Sat Apr 28 04:00:10 UTC 2018


I'm fine with 1 or 2.  Maybe leaning more toward 2 given what Xuelei 
said about the RFCs.

Tony

On 04/27/2018 04:41 PM, Valerie Peng wrote:
> 
> I'd also strongly prefer to pick one as standard name for RSA PSS 
> signature and use it consistently.
> 
> Here are the possible choices for RSA PSS standard names:
> 
>  1. RSA-PSS
>  2. RSASSA-PSS
>  3. RSA/PSS
>  4. RSAPSS
> 
> #1,#2 are from 3rd party provider, #3 is what I have in current webrev, 
> #4 is just a new alternative in case people may prefer it over #1.
> 
> My preference is #1, #2, and #4. My reason for steering away from #3 is 
> due to that "/" is used by Cipher transformation string. Though 
> Signature algorithm is separate from Cipher transformation, but RSA can 
> be used for encryption and having that "/" is potentially very confusing.
> 
> Comments? Please share your preference soon so I can update the webrev 
> accordingly...
> 
> Thanks,
> Valerie
> 
> On 4/18/2018 11:36 AM, Xuelei Fan wrote:
>> On 4/18/2018 11:25 AM, Sean Mullan wrote:
>>> On 4/18/18 12:52 PM, Xuelei Fan wrote:
>>>> The algorithm name decomposer implementation for algorithm 
>>>> restrictions depends on the pattern:
>>>>     <digest>with<encryption>
>>>>
>>>> Using the same "encryption" name for signature and PKCS#1 could be 
>>>> easier for applications if there is a need  to decompose the 
>>>> algorithms.
>>>
>>> Hmm, so do you mean this is a problem if you specify the signature 
>>> algorithm as "RSA-PSS" and require that the digest algorithm be 
>>> specified as a parameter to the API? Or something else? Not sure I 
>>> understand you but I have a feeling you are raising a good point ...
>>>
>> The concern is from the names BC and Andriod used:
>>
>>      SHA*withRSA/PSS
>>      RSASSA-PSS (name from PKCS#1)
>>
>> The signature algorithm decomposing SHA*withRSA/PSS and "SHA*" and 
>> "RSA/PSS".  If the PKCS#1 name use "RSASSA-PSS", it is tricky to map 
>> "RSA/PSS" to "RSASSA-PSS".  I'm suggesting use a consistent name. 
>> Either "SHA*withRSA/PSS"/"RSA/PSS" or "SHA*withRSASSA-PSS"/"RSASSA-PSS".
>>
>> Xuelei
>>
>>> --Sean
>>>
>>>>
>>>> Xuelei
>>>>
>>>> On 4/16/2018 11:40 AM, Sean Mullan wrote:
>>>>> On 4/13/18 3:25 PM, Bradford Wetmore wrote:
>>>>>> SunRsaSignEntries.java
>>>>>> ----------------------
>>>>>> 145:  Where did you come up with this convention for your aliases?
>>>>>>
>>>>>>      SHA1withRSA-PSS
>>>>>>
>>>>>> I see Bouncy Castle[1] and Android[2] are both using:
>>>>>>
>>>>>>      SHA*withRSA/PSS
>>>>>>      RSASSA-PSS (name from PKCS#1)
>>>>>>
>>>>>> [1] 
>>>>>> https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 
>>>>>>
>>>>>> [2] 
>>>>>> https://developer.android.com/reference/java/security/Signature.html
>>>>>>
>>>>>> but we have neither style.
>>>>>
>>>>> Since these standard names have not yet been defined, we don't 
>>>>> necessarily have to be consistent, but I don't see a good enough 
>>>>> reason for us to name them differently, so to help with 
>>>>> compatibility I would go with the names above.
>>>>>
>>>>> --Sean
> 



More information about the security-dev mailing list