DSA default algorithm for keytool -genkeypair. Bad choice?
Severin Gehwolf
sgehwolf at redhat.com
Wed Oct 10 12:51:47 UTC 2018
Hi Sean,
On Wed, 2018-10-10 at 07:59 -0400, Sean Mullan wrote:
> On 10/10/18 6:23 AM, Severin Gehwolf wrote:
> > Hi,
> >
> > What is the rationale of using DSA keys (2048 bit) as default for
> > genkeypair command?
> > http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120
>
> There is really no other reason other than DSA keys have been the
> default keypairs generated by keytool for a long time, so there are some
> compatibility issues we would have to think through before changing it
> to another algorithm such as RSA. Weijun might have more insight into that.
> > It seems a bad choice given that DSA keys are disabled via Fedora's
> > crypto policy (not just OpenJDK, but other crypto providers too).
>
> Actually, only DSA keys < 1024-bit are disabled by default in OpenJDK.
Thanks. I should have perhaps clarified. Not sure whether that was
clear. In Fedora a global crypto policy is in place. The policy affects
OpenSSL, GnuTLS, (patched) OpenJDK etc. It's that global policy which
disables DSA unconditionally.
> > Here is the explanation from Nikos Mavrogiannopoulos from a Fedora bug[1]
> > as to why that's a bad choice:
> >
> > """
> > DSA is not used by new security protocols any more (doesn't exist as a
> > negotiation option under TLS1.3), and was a very rarely used option
> > under previous protocols (TLS1.2 or earlier). In fact only DSA-1024 is
> > documented under these protocols. DSA-2048 may or may not work
> > depending on the implementation (and even worse may not interoperate).
> > """
> >
> > Could the default choice of keyalg for genkeypair be reconsidered?
>
> Yes, I think it should be considered since DSA is rarely used anymore
> and not supported by newer security protocols such as TLS 1.3. I have
> filed: https://bugs.openjdk.java.net/browse/JDK-8212003
Great, thanks!
Cheers,
Severin
> --Sean
>
> > If not, why not?
> >
> > Thanks,
> > Severin
> >
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1582253
> >