RFR 8213400: Support choosing curve name in keytool keypair generation

Weijun Wang weijun.wang at oracle.com
Thu Nov 15 01:24:15 UTC 2018



> On Nov 15, 2018, at 3:53 AM, Adam Petcher <adam.petcher at oracle.com> wrote:
> 
> This looks good to me, though I made a couple of trivial editorial changes. It's fine as is, but you may want to consider using secp384r1 instead of brainpool256r1 in your example. I worry that people will experiment with the new feature using your example, and then we'll get bug tickets because the resulting keystore doesn't work with TLS.

This is exactly the advice I need from an expert.

However, secp384r1 is already the default choice for `-keysize 384`. Do you have another recommendation that has to be set with `-groupname`?

Thanks
Max

> 
> On 11/13/2018 7:56 PM, Weijun Wang wrote:
>> Thanks. Please also take a look at the release note at https://bugs.openjdk.java.net/browse/JDK-8213821.
>> 
>> --Max
>> 
>>> On Nov 13, 2018, at 11:02 PM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>> 
>>> This change looks good to me. Thanks.
>>> 



More information about the security-dev mailing list