RFR 8242068: Signed JAR support for RSASSA-PSS and EdDSA
Weijun Wang
weijun.wang at oracle.com
Fri May 22 14:30:41 UTC 2020
Please review:
CSR : https://bugs.openjdk.java.net/browse/JDK-8245274
webrev : http://cr.openjdk.java.net/~weijun/8242068/webrev.00/
Major points in CSR:
- New sigalg values "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
- The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature algorithms
Major code changes:
- Move signature-related utility methods from AlgorithmId.java to SignatureUtil.java
- Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
- Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
- Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
- Mark all -altsign related code as deprecated; it can be removed once ContentSigner is removed
Next I'll do some basic interop tests with openssl and BouncyCastle.
Thanks,
Max
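
Added example, not part of the original message and not JDK code: because the ".RSA" and ".EC" block extensions are reused for the new algorithms, a tool auditing signed JARs has to read the signature algorithm from the SignerInfo inside the PKCS #7 block rather than from the file name. The function names and the constructed sample block are assumptions of this sketch, which handles SignerInfo entries identified by issuerAndSerialNumber.

```python
# Added example: read the signature algorithm from a signed JAR's PKCS #7 block.
SIG_OIDS = {"1.2.840.113549.1.1.10": "RSASSA-PSS", "1.3.101.112": "Ed25519", "1.3.101.113": "Ed448"}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):  # (tag, start, end) of each element in buf[start:end]
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def decode_oid(body):  # DER OID content bytes -> dotted-decimal string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signer_sig_algs(block):
    """Signature algorithm of each SignerInfo (assumes issuerAndSerialNumber form)."""
    span = read_tlv(block, 0)                        # ContentInfo
    for index in (1, 0, -1):                         # [0] wrapper, SignedData, signerInfos
        span = children(block, span[1], span[2])[index]
    algs = []
    for _, s, e in children(block, span[1], span[2]):
        alg = [c for c in children(block, s, e) if c[0] == 0x30][2]  # 3rd SEQUENCE field
        _, a, b = children(block, alg[1], alg[2])[0]
        algs.append(SIG_OIDS.get(decode_oid(block[a:b]), decode_oid(block[a:b])))
    return algs

def sample_block(sig_oid_hex):
    """Constructed, structure-only PKCS #7 block; the signature bytes are a placeholder."""
    tlv = lambda tag, *parts: bytes([tag, len(b"".join(parts))]) + b"".join(parts)
    alg = lambda h: tlv(0x30, tlv(0x06, bytes.fromhex(h)))
    sha256, one = alg("608648016503040201"), tlv(0x02, b"\x01")
    signer = tlv(0x30, one, tlv(0x30, tlv(0x30), one), sha256, alg(sig_oid_hex), tlv(0x04, b"\x00"))
    signed = tlv(0x30, one, tlv(0x31, sha256), alg("2a864886f70d010701"), tlv(0x31, signer))
    return tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")), tlv(0xA0, signed))
```

For a real JAR, pass the bytes of each META-INF block file (read with zipfile) to signer_sig_algs; an OID not in SIG_OIDS is returned in dotted form.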