RFR[11] JDK-8146293 "Add Support for RSA-PSS Signature Algorithm as in PKCS#1 v2.2"
Valerie Peng
valerie.peng at oracle.com
Mon May 21 17:06:40 UTC 2018
Right, I will update line 264 of RSAPSSSignature.java.
Thanks,
Valerie
On 5/21/2018 9:56 AM, Bradford Wetmore wrote:
>
>>> SignedObject.java
>>> -----------------
>>> Now that SignedObject is no longer in the scope of the CSR, we
>>> talked about updating the class javadoc with an example about
>>> setting the parameters before passing the Signature object in. I
>>> didn't see that, so did you want to at least give an example of it
>>> here? I don't expect that would require a separate CSR.
>>
>> Well, I debated about this and feel that it's probably better to
>> leave this for later once we are set about the recommended usage for
>> SignedObject.
>
> Ok. File a CR to track if you think it's something you want to come
> back to.
>
>>> RSAPSSSignature.java
>>> --------------------
>>> 191: Would you mind inserting a comment that you "skip the JCA
>>> overhead"?
>> Ok.
>>>
>>> 264: -> PSSParameterSpec.TRAILER_FIELD_BC instead of hardcoding 1?
>
> I think you might have missed this one.
>
>>> TestOAEPWithParams.java
>>> -----------------------
>>> 50: Should we also add SHA-384, SHA-512 here?
>> I am not so sure as the key size is only 768. We can bump the size up
>> and add SHA-384, SHA512, but since other tests in the same directory
>> covers SHA-382 and SHA-512, I only added SHA-512/224 and SHA-512/256
>> to this test.
>
> Ok.
>
>>> Offsets.java
>>> ------------
>>> 43: Should we also add all of the missing RSA variants as well?
>>> SHA{1,224,256...}withRSA
>> Ok, I added more but left SHA1 out as it's sunsetting and existing
>> coverage.
>
> Sounds good.
>
> Brad
>
>
More information about the security-dev
mailing list