RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v6]

Weijun Wang weijun at openjdk.java.net
Tue Oct 13 13:34:27 UTC 2020


On Tue, 13 Oct 2020 13:24:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Note: I force pushed a new commit to correct a typo in the summary line.
>
> Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm Identifier Protection
> Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm substitution attacks. This attribute is
> signed and it contains copies of digestAlgorithm and signatureAlgorithm which are unprotected in SignerInfo. Before
> this enhancement, the two algorithms can be implied from the signature itself (i.e. if you change any of them the
> signature size would not match or the key will not decrypt). However, with the introduction of RSASSA-PSS, the
> signature algorithm can be modified and it still looks like the signature is valid. This particular case is [described
> in the RFC](https://tools.ietf.org/html/rfc6211#page-5):
>    signatureAlgorithm  has been protected by implication in the past.
>       The use of an RSA public key implied that the RSA v1.5 signature
>       algorithm was being used.  The hash algorithm and this fact could
>       be checked by the internal padding defined.  This is no longer
>       true with the addition of the RSA-PSS signature algorithms.

A force push to fix the RFC number typo in the latest commit. No content update.

-------------

PR: https://git.openjdk.java.net/jdk/pull/322
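The check the quoted RFC 6211 passage describes, as an added example in Python that is neither the PR's nor the JDK's code: the signer copies both algorithm identifiers into the signed CMSAlgorithmProtection attribute, and the verifier rejects a SignerInfo whose unprotected signatureAlgorithm was rewritten from RSASSA-PSS to PKCS #1 v1.5 while the signed attributes stayed intact. It assumes a simplified SignerInfo dict and omits AlgorithmIdentifier parameters; the OIDs and the attribute layout come from the RFCs.

```python
# Added example (not PR or JDK code). OIDs are real; the SignerInfo dict is a constructed stand-in.
ID_AA_CMS_ALGORITHM_PROTECT = "1.2.840.113549.1.9.52"  # RFC 6211 id-aa-cmsAlgorithmProtect
SHA256 = "2.16.840.1.101.3.4.2.1"
RSASSA_PSS = "1.2.840.113549.1.1.10"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # PKCS #1 v1.5 signature, the substituted algorithm

def _der_len(n: int) -> bytes:
    return bytes([n]) if n < 0x80 else bytes([0x81, n])  # short values only

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]  # base-128, big-endian, continuation bit on all but last
        while arc >= 0x80:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body.extend(chunk)
    return b"\x06" + _der_len(len(body)) + bytes(body)

def der_seq(*items: bytes, tag: int = 0x30) -> bytes:
    body = b"".join(items)
    return bytes([tag]) + _der_len(len(body)) + body

def algorithm_id(oid: str, params: bytes = b"") -> bytes:
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL } (params omitted here)
    return der_seq(der_oid(oid), params)

def cms_algorithm_protection(digest_alg: bytes, sig_alg: bytes) -> bytes:
    # CMSAlgorithmProtection ::= SEQUENCE { digestAlgorithm, signatureAlgorithm [1] IMPLICIT OPTIONAL }
    return der_seq(digest_alg, b"\xa1" + sig_alg[1:])

def make_signer_info(digest_oid: str, sig_oid: str) -> dict:
    """Signer side: copy both algorithms into the signed attribute set."""
    digest_alg, sig_alg = algorithm_id(digest_oid), algorithm_id(sig_oid)
    attr = (ID_AA_CMS_ALGORITHM_PROTECT, cms_algorithm_protection(digest_alg, sig_alg))
    return {"digest_alg": digest_alg, "sig_alg": sig_alg, "signed_attrs": [attr]}

def substitute_signature_algorithm(signer_info: dict, new_sig_oid: str) -> dict:
    """Model of the RFC 6211 concern: only the unprotected field changes; signed attrs are untouched."""
    return {**signer_info, "sig_alg": algorithm_id(new_sig_oid)}

def protection_attribute_consistent(signer_info: dict) -> bool:
    """Verifier side: the signed copies must equal the unprotected SignerInfo fields.
    Compared on DER bytes here; a full parser would decode and compare field by field."""
    values = [v for oid, v in signer_info["signed_attrs"] if oid == ID_AA_CMS_ALGORITHM_PROTECT]
    if len(values) != 1:  # strict policy: require exactly one single-valued instance (RFC 6211 allows at most one)
        return False
    expected = cms_algorithm_protection(signer_info["digest_alg"], signer_info["sig_alg"])
    return values[0] == expected
```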
