RFR 8242184: CRL generation error with RSASSA-PSS
Wang Weijun
weijun.wang at oracle.com
Thu Apr 9 07:19:12 UTC 2020
Valerie in another reply suggested that the default parameters of the default sigAlg depend on either the size of the key (if RSA) or the params of the key (if RSASSA-PSS). I'll address all of these in another bug.
Thanks,
Max
> On Apr 9, 2020, at 03:47, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 4/6/20 11:11 PM, Weijun Wang wrote:
>> Please review the fix at
>> http://cr.openjdk.java.net/~weijun/8242184/webrev.00/
>> The major change is inside X509CRLImpl.java to allow params setting and reading.
>> I also take this chance to:
>> 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss".
>
> I think you should file a CSR for that, since it is a new default, and the default varies based on the size of the key. You should also update the keytool man page section on defaults.
>
> --Sean
>
>> 2. Revert a former change in X509CertImpl.java, which might be a safer call.
>> Thanks,
>> Max