DSA default algorithm for keytool -genkeypair. Bad choice?
Sean Mullan
sean.mullan at oracle.com
Thu Oct 11 11:53:48 UTC 2018
On 10/10/18 4:52 PM, Michael StJohns wrote:
>> There is really no other reason other than DSA keys have been the
>> default keypairs generated by keytool for a long time, so there are
>> some compatibility issues we would have to think through before
>> changing it to another algorithm such as RSA. Weijun might have more
>> insight into that.
> Not really. It was the default before I joined Sun Microsystems many, many
> years ago.
I think it was made the default because at the time the RSA patent had
not expired yet.
JDK 1.1 (when keytool was introduced) release date: February 19, 1997
RSA patent expiration: September 21, 2000
--Sean