RFR [14] 8223940: Private key not supported by chosen signature algorithm
Valerie Peng
valerie.peng at oracle.com
Tue Nov 5 02:36:22 UTC 2019
Hi Xuelei,
Overall changes look good.
A nit: SignatureScheme.java:552, "Ignore unsupport..." instead of
"Ignore the unsupported..."
It seems that the SignatureScheme selection is always selected with
PrivateKey first? It'd be nice to have some comments explain the
different handling between getSigner(PrivateKey) and
getVerifier(PublicKey), i.e. former returns null vs later passes up the
exception.
Thanks,
Valerie
On 10/24/2019 1:56 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the following update reviewed?
> http://cr.openjdk.java.net/~xuelei/8223940/webrev.00/
>
> For signature algorithms, the update will fail back to use the
> supported signature algorithm for the specific private key.
> Previously, the first preferred signature algorithm get used ad the
> private key may not be able to work with the signature algorithm however.
>
> No new regression test as RSASSA-PSS has been supported in the
> SunPKCS11 provider currently. Can I get a help for the test if you
> are running a provider that does not support RSASSA-PSS yet?
>
> Thanks & Regards,
> Xuelei
More information about the security-dev
mailing list