DSA default algorithm for keytool -genkeypair. Bad choice?

Sean Mullan sean.mullan at oracle.com
Thu Oct 11 13:20:01 UTC 2018


On 10/11/18 12:22 AM, Anthony Scarpino wrote:
> For one, it makes the user specify what they want, perhaps learning 
> about certificates and making an educated choice.  Secondly, and more 
> importantly, it would not making it our decisions what is a default 
> secure algorithm for all of java.

If we could start over again, I definitely agree. It might be too late 
to make that kind of change now though. Moving to a middle solution 
where the defaults are configurable seems like it might be best for 
compatibility.

BTW, I sometimes forget about this feature, but keytool does have a 
-conf option which allows you specify default options in a configuration 
file, ex:

# A pre-configured options file
keytool.all = -keystore ${user.home}/ks
keytool.list = -v
keytool.genkeypair = -keyalg rsa

keytool -conf preconfig -genkeypair -alias me

This option was never documented in the keytool docs, so I'll file a bug 
for that.

It doesn't specifically solve the issue but it can help avoid long 
command lines and accidentally using the wrong default.

--Sean
> 
> Tony
> 
> On 10/10/2018 06:33 PM, Weijun Wang wrote:
>> I don't know what benefit it brings to a user to remove the default. 
>> Except from forcing DSA users to add a -keyalg option, RSA and EC 
>> users will not gain anything.
>>
>> --Max
>>
>>> On Oct 11, 2018, at 5:05 AM, Anthony Scarpino 
>>> <anthony.scarpino at oracle.com> wrote:
>>>
>>> On 10/10/2018 07:42 AM, Weijun Wang wrote:
>>>>> On Oct 10, 2018, at 7:59 PM, Sean Mullan <sean.mullan at oracle.com> 
>>>>> wrote:
>>>>>
>>>>> There is really no other reason other than DSA keys have been the 
>>>>> default keypairs generated by keytool for a long time, so there are 
>>>>> some compatibility issues we would have to think through before 
>>>>> changing it to another algorithm such as RSA. Weijun might have 
>>>>> more insight into that.
>>>> Not really. It was the default before I join Sun Microsystems many 
>>>> many years ago. Maybe it was a NIST standard?
>>>> As for compatibility, as long as someone is still using DSA then 
>>>> they might not be specifying the -keyalg option.
>>>> If not DSA, should RSA be the new default? Or maybe RSASSA-PSS (I 
>>>> wonder if RSASSA-PSS signature can always use legacy RSA keys) or 
>>>> EC? We don't have an option to specify ECCurve in keytool yet (a 
>>>> string -keysize).
>>>> --Max
>>>
>>>
>>> I would rather get rid of the default completely.
>>>
>>> I realize there maybe scripting issues with that.  If we made some 
>>> documentation guarantees a default algorithm then maybe we are stuck 
>>> with having a default and can use a security property.  A part of me 
>>> thinks it would be foolish for an application to assume a default 
>>> algorithm and may deserve to be broken so they can fix it.
>>>
>>> Even if we didn't remove defaults from older java version, in future 
>>> releases it would be nice to eliminate defaults were possible.
>>>
>>> With regard to a replacement, I'd prefer over EC than RSA given a 
>>> choice.  But either is ok.
>>>
>>> Tony
>>
> 



More information about the security-dev mailing list