RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v6]
Weijun Wang
weijun at openjdk.java.net
Tue Oct 13 13:34:27 UTC 2020
On Tue, 13 Oct 2020 13:24:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Note: I force pushed a new commit to correct a typo in the summary line.
>
> Add support for [RFC 6211: Cryptographic Message Syntax (CMS) Algorithm Identifier Protection
> Attribute](https://tools.ietf.org/html/rfc6211) to protect against algorithm substitution attacks. This attribute is
> signed and it contains copies of digestAlgorithm and signatureAlgorithm which are unprotected in SignerInfo. Before
> this enhancement, the two algorithms can be implied from the signature itself (i.e. if you change any of them the
> signature size would not match or the key will not decrypt). However, with the introduction of RSASSA-PSS, the
> signature algorithm can be modified and it still looks like the signature is valid. This particular case is [described
> in the RFC](https://tools.ietf.org/html/rfc6211#page-5):
> signatureAlgorithm has been protected by implication in the past.
> The use of an RSA public key implied that the RSA v1.5 signature
> algorithm was being used. The hash algorithm and this fact could
> be checked by the internal padding defined. This is no longer
> true with the addition of the RSA-PSS signature algorithms.
A force push to fix the RFC number typo in the latest commit. No content update.
-------------
PR: https://git.openjdk.java.net/jdk/pull/322
More information about the security-dev
mailing list