DSA default algorithm for keytool -genkeypair. Bad choice?
Severin Gehwolf
sgehwolf at redhat.com
Wed Oct 10 10:23:36 UTC 2018
Hi,
What is the rationale of using DSA keys (2048 bit) as default for
genkeypair command?
http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120
It seems a bad choice given that DSA keys are disabled via Fedora's
crypto policy (not just OpenJDK, but other crypto providers too).
Here the explanation from Nikos Mavrogiannopoulos from a Fedora bug[1]
as to why that's a bad choice:
"""
DSA is not used by new security protocols any more (doesn't exist as a
negotiation option under TLS1.3), and was a very rarely used option
under previous protocols (TLS1.2 or earlier). In fact only DSA-1024 is
documented under these protocols. DSA-2048 may or may not work
depending on the implementation (and even worse may not interoperate).
"""
Could the default choice of keyalg for genkeypair be reconsidered? If
not, why not?
Thanks,
Severin
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1582253
More information about the security-dev
mailing list