RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

Adam Petcher adam.petcher at oracle.com
Tue Nov 6 14:57:00 UTC 2018


On 11/6/2018 2:18 AM, Weijun Wang wrote:

>> On Nov 6, 2018, at 1:06 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> If the option "-keysize 256 -curvename sect163k1" works, I may think that the key size is 256 bits.  I want to create a 256-bit sect163k1 EC key, and the tool allows this behavior, so I should get a 256-bit sect163k1 EC key.  Sure, that's incorrect, but I don't know it is incorrect, as the tool ignores the key size.  What's the problem with the command? I don't know either, unless I clearly understand that sect163k1 is not 256 bits.  The next question to me: what is the key size actually?  256 bits or 163 bits?  Which option is used?  It adds more confusion to me.
> Well explained. I've updated the CSR and this will be an error.

This is a good improvement. If you like, you could even go one step 
further and error out any time -curvename and -keysize are used at the 
same time, even if the size is correct. This would simplify things and 
discourage use of -keysize for EC keys.

> (curve ambiguity issue with -keysize)
>
> Thanks
> Max
>

I don't think it is worthwhile to add any code to choose some particular 
curve when only -keysize is used (or KeyPairGenerator.init(int)). 
Keeping the current behavior and choosing an arbitrary curve of the 
specified size is fine. Emitting a warning is a good idea, and if you 
plan to do this, you might want to emit a warning any time -keysize is 
used with an EC key, regardless of whether there are (currently) 
multiple curves of the specified size.
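To make the -keysize versus named-curve point concrete at the JCA level, here is an added example (my own illustration, not code from the JDK, keytool, the CSR, or anyone in this thread). It shows that KeyPairGenerator.initialize(int) leaves the curve choice to the provider, that ECGenParameterSpec names it unambiguously, and how a tool could apply the consistency rule discussed above: a key size given together with a curve name must equal that curve's field size. The class name EcCurveCheck and the helper names are assumptions of this example; sect163k1 is a 163-bit binary curve, and newer SunEC builds no longer support it, which the example handles by catching the exception.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

// Added example; class and method names are this example's own, not JDK or keytool API.
public class EcCurveCheck {

    /** Field size in bits of the curve that actually backs an EC key pair (163 for sect163k1, 256 for secp256r1). */
    static int fieldSizeBits(KeyPair kp) {
        ECParameterSpec params = ((ECPublicKey) kp.getPublic()).getParams();
        return params.getCurve().getField().getFieldSize();
    }

    /** Size-only request: the provider picks some curve of this size; the caller never names it. */
    static KeyPair generateBySize(int bits) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    /** Named-curve request: unambiguous; throws if the provider does not support the curve. */
    static KeyPair generateByName(String curveName)
            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(curveName));
        return kpg.generateKeyPair();
    }

    /** The rule argued for in the thread: a requested size paired with a curve name must equal the curve's field size. */
    static boolean keySizeMatchesCurve(String curveName, int requestedBits)
            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return fieldSizeBits(generateByName(curveName)) == requestedBits;
    }

    public static void main(String[] args) throws Exception {
        // Size-only: which 256-bit curve you get is provider-dependent; the params' toString is informational only.
        KeyPair bySize = generateBySize(256);
        System.out.println("initialize(256): provider-chosen curve, field bits = " + fieldSizeBits(bySize)
                + " (" + ((ECPublicKey) bySize.getPublic()).getParams() + ")");

        // Named curve: no ambiguity about what was generated.
        KeyPair byName = generateByName("secp256r1");
        System.out.println("secp256r1: field bits = " + fieldSizeBits(byName));
        System.out.println("secp256r1 with keysize 256 consistent: " + keySizeMatchesCurve("secp256r1", 256));

        // "-keysize 256 -curvename sect163k1" is the contradiction discussed in the thread: 163 != 256.
        try {
            System.out.println("sect163k1 with keysize 256 consistent: " + keySizeMatchesCurve("sect163k1", 256));
            System.out.println("sect163k1 with keysize 163 consistent: " + keySizeMatchesCurve("sect163k1", 163));
        } catch (InvalidAlgorithmParameterException e) {
            // Binary curves were dropped from SunEC in later JDK releases; the check itself applies to any supported curve.
            System.out.println("sect163k1 not supported by this provider: " + e.getMessage());
        }
    }
}
```

Run it with `javac EcCurveCheck.java && java EcCurveCheck`. The consistency check reads the field size from the generated key rather than from a hand-maintained table, so it cannot drift from what the provider actually produces; a tool rejecting a mismatched -keysize only has to compare that number with the requested one.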


