RFR 8213400: Support choosing curve name in keytool keypair generation

Weijun Wang weijun.wang at oracle.com
Tue Nov 27 01:32:44 UTC 2018


Ping

> On Nov 15, 2018, at 9:24 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
> 
> 
> 
>> On Nov 15, 2018, at 3:53 AM, Adam Petcher <adam.petcher at oracle.com> wrote:
>> 
>> This looks good to me, though I made a couple of trivial editorial changes. It's fine as is, but you may want to consider using secp384r1 instead of brainpool256r1 in your example. I worry that people will experiment with the new feature using your example, and then we'll get bug tickets because the resulting keystore doesn't work with TLS.
> 
> This is exactly the advice I need from an expert.
> 
> However, secp384r1 is already the default choice for `-keysize 384`. Do you have another recommendation that has to be set with `-groupname`?
> 
> Thanks
> Max
> 
>> 
>> On 11/13/2018 7:56 PM, Weijun Wang wrote:
>>> Thanks. Please also take a look at the release note at https://bugs.openjdk.java.net/browse/JDK-8213821.
>>> 
>>> --Max
>>> 
>>>> On Nov 13, 2018, at 11:02 PM, Adam Petcher <adam.petcher at oracle.com> wrote:
>>>> 
>>>> This change looks good to me. Thanks.
>>>> 
> 



More information about the security-dev mailing list