RFR 8242068: Signed JAR support for RSASSA-PSS and EdDSA

Weijun Wang weijun.wang at oracle.com
Sat May 23 01:24:41 UTC 2020



> On May 23, 2020, at 4:44 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 5/22/20 10:30 AM, Weijun Wang wrote:
>> Please take a review at
>>       CSR : https://bugs.openjdk.java.net/browse/JDK-8245274
>>    webrev : http://cr.openjdk.java.net/~weijun/8242068/webrev.00/
>> Major points in CSR:
>> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
> 
> In the CSR, it says "In fact, the new -sigalg option values are quite useless and do not need to specified."
> 
> What happens if you specify anything other than the defaults?

If not compatible with the key alg, an error will be reported. This is implemented in SignatureUtil.checkKeyAndSigAlgMatch.

Precisely, if the key alg is RSASSA-PSS, you can only set "-sigalg RSASSA-PSS". For Ed25519, everything other than "-sigalg EdDSA" or "-sigalg Ed25519" will lead to an error, and these 2 are actually the same.

> 
> In the Supported Algorithms, what does keysize: (empty) mean? Do you mean "any size" as in the current table for DSA?

You can say that (RSASSA-PSS can be any size, EdDSA can be any of those 2 sizes). Of course, it's not unrelated, and I've added "using the same parameters of the key" in the default sigalg cells. For EdDSA, it's more precise to say "using the same key size".

> 
>> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature algorithms
> 
> I think the CSR should have the proposed changes to the JAR specification instead of just saying it will be described. Also, we never defined the "EC" type, so I think this CSR is a good opportunity to also fix that and add that extension to the JAR spec.

OK.

Thanks,
Max

> 
> --Sean
> 
>> major code changes:
>> - Move signature-related utility methods from AlgorithmId.java to SignatureUtil.java
>> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
>> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
>> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
>> - Mark all -altsign related code deprecated and they can be removed once ContentSigner is removed
>> Next I'll do some basic interop tests with openssl and BouncyCastle.
>> Thanks,
>> Max
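
The key/sigalg matching discussed in this thread can be observed directly at the JCA level. The following is an added example, not code from the webrev, jarsigner or SignatureUtil; it assumes a JDK with EdDSA support (15 or later), and the class name, helper names and sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;
import java.util.List;

public class EdDsaSigAlgMatch {
    // Sign with the named algorithm; return null when the Signature rejects the key.
    static byte[] sign(String sigAlg, KeyPair kp, byte[] data) throws Exception {
        Signature s = Signature.getInstance(sigAlg);
        try {
            s.initSign(kp.getPrivate());
        } catch (InvalidKeyException e) {
            return null; // curve-specific algorithm name does not match the key's curve
        }
        s.update(data);
        return s.sign();
    }

    static boolean verify(String sigAlg, KeyPair kp, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance(sigAlg);
        s.initVerify(kp.getPublic());
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for the bytes a JAR signer would sign.
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        for (String keyAlg : List.of("Ed25519", "Ed448")) {
            KeyPair kp = KeyPairGenerator.getInstance(keyAlg).generateKeyPair();
            // The generic name takes its curve from the key, so it accepts either key type.
            byte[] generic = sign("EdDSA", kp, data);
            for (String sigAlg : List.of("Ed25519", "Ed448")) {
                byte[] specific = sign(sigAlg, kp, data);
                if (specific == null) {
                    System.out.printf("%s key + %s: rejected (InvalidKeyException)%n", keyAlg, sigAlg);
                    continue;
                }
                // EdDSA signing is deterministic, so equal bytes mean both names ran the same scheme.
                System.out.printf("%s key + %s: same bytes as EdDSA=%b, verifies EdDSA signature=%b%n",
                        keyAlg, sigAlg, Arrays.equals(generic, specific),
                        verify(sigAlg, kp, data, generic));
            }
        }
    }
}
```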
