RFR[11] JDK-8146293 "Add Support for RSA-PSS Signature Algorithm as in PKCS#1 v2.2"
Valerie Peng
valerie.peng at oracle.com
Mon May 21 17:22:56 UTC 2018
BTW, SignedObject javadoc update is tracked under
https://bugs.openjdk.java.net/browse/JDK-8203489
Valerie
On 5/21/2018 10:06 AM, Valerie Peng wrote:
> Right, I will update line 264 of RSAPSSSignature.java.
> Thanks,
> Valerie
>
> On 5/21/2018 9:56 AM, Bradford Wetmore wrote:
>>
>>>> SignedObject.java
>>>> -----------------
>>>> Now that SignedObject is no longer in the scope of the CSR, we
>>>> talked about updating the class javadoc with an example about
>>>> setting the parameters before passing the Signature object in. I
>>>> didn't see that, so did you want to at least give an example of it
>>>> here? I don't expect that would require a separate CSR.
>>>
>>> Well, I debated about this and feel that it's probably better to
>>> leave this for later once we are set about the recommended usage for
>>> SignedObject.
>>
>> Ok. File a CR to track if you think it's something you want to come
>> back to.
>>
>>>> RSAPSSSignature.java
>>>> --------------------
>>>> 191: Would you mind inserting a comment that you "skip the JCA
>>>> overhead"?
>>> Ok.
>>>>
>>>> 264: -> PSSParameterSpec.TRAILER_FIELD_BC instead of hardcoding 1?
>>
>> I think you might have missed this one.
>>
>>>> TestOAEPWithParams.java
>>>> -----------------------
>>>> 50: Should we also add SHA-384, SHA-512 here?
>>> I am not so sure as the key size is only 768. We can bump the size
>>> up and add SHA-384, SHA512, but since other tests in the same
>>> directory covers SHA-382 and SHA-512, I only added SHA-512/224 and
>>> SHA-512/256 to this test.
>>
>> Ok.
>>
>>>> Offsets.java
>>>> ------------
>>>> 43: Should we also add all of the missing RSA variants as well?
>>>> SHA{1,224,256...}withRSA
>>> Ok, I added more but left SHA1 out as it's sunsetting and existing
>>> coverage.
>>
>> Sounds good.
>>
>> Brad
>>
>>
>
More information about the security-dev
mailing list