RFR Update JarSigning.keystore
Weijun Wang
weijun.wang at oracle.com
Wed May 9 00:39:31 UTC 2018
> On May 9, 2018, at 8:36 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> Looks fine to me.
>
> BTW, does it make sense to support more signature algorithms other than DSA and RSA?
Most modern tests generate key/cert pairs inside the test (because we don't like binary files). This file is used by old tests and some tests outside java security.
That said, I'm happy to add a new entry "d" for EC. Whoever likes EC can use it.
Thanks
Max
>
> Thanks,
> Xuelei
>
> On 5/8/2018 5:29 PM, Weijun Wang wrote:
>> test/jdk/sun/security/tools/jarsigner/JarSigning.keystore is still using 512-bit DSA and it's disabled in jar signing now.
>> I just updated it and added a README.
>> diff --git a/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README b/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README
>> new file mode 100644
>> --- /dev/null
>> +++ b/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README
>> @@ -0,0 +1,5 @@
>> +#JarSigning.keystore is generated with
>> +
>> +rm JarSigning.keystore
>> +keytool -genkeypair -keystore JarSigning.keystore -storepass bbbbbb -keypass bbbbbb -alias b -dname CN=b -keyalg DSA
>> +keytool -genkeypair -keystore JarSigning.keystore -storepass bbbbbb -keypass bbbbbb -alias c -dname CN=c -keyalg RSA
>> bugs.openjdk.java.net is down for maintenance and I will file a bug later.
>> Running tier1+tier2 now...
>> Thanks
>> Max
More information about the security-dev
mailing list