RFR: 8242068: Signed JAR support for RSASSA-PSS and EdDSA [v7]
Weijun Wang
weijun at openjdk.java.net
Fri Oct 16 02:37:13 UTC 2020
On Thu, 15 Oct 2020 20:42:30 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> signing time, jarsigner -directsign, and digest algorithm check
>
> src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 549:
>
>> 547: return encAlg;
>> 548: default:
>> 549: String digAlg = digAlgId.getName().replace("-", "");
>
> This may be incorrect if the digest algorithm is in the SHA3 family. Maybe we should check and apply this conversion
> only when digest algorithm starts with "SHA-".
Good suggestion. I'll also try some tests.
-------------
PR: https://git.openjdk.java.net/jdk/pull/322
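
The naming issue raised in the review above, as an added example that is not part of the original message or the JDK patch: it compares removing every hyphen with removing it only for names starting with "SHA-", then asks the installed providers whether each resulting signature name resolves. The helper names and the `<digest>with<encryption>` composition are assumptions made for illustration. The digest names are constructed sample input.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.List;

public class SigAlgNameDemo {
    // Hypothetical helper mirroring the quoted line 549: every hyphen is removed.
    static String unguarded(String digAlg, String encAlg) {
        return digAlg.replace("-", "") + "with" + encAlg;
    }

    // Hypothetical helper for the reviewer's suggestion: convert only "SHA-" names.
    static String guarded(String digAlg, String encAlg) {
        if (digAlg.startsWith("SHA-")) {
            digAlg = digAlg.replace("-", "");
        }
        return digAlg + "with" + encAlg;
    }

    // True if an installed provider resolves the name (depends on the JDK release).
    static boolean resolves(String sigAlg) {
        try {
            Signature.getInstance(sigAlg);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: standard MessageDigest names.
        List<String> digests =
                List.of("SHA-1", "SHA-256", "SHA-512/256", "SHA3-256", "SHA3-512");
        for (String d : digests) {
            String u = unguarded(d, "RSA");
            String g = guarded(d, "RSA");
            System.out.printf("%-12s unguarded=%-18s (%s)  guarded=%-18s (%s)%n",
                    d, u, resolves(u) ? "found" : "not found",
                    g, resolves(g) ? "found" : "not found");
        }
    }
}
```

The standard signature names keep the hyphen for the SHA-3 family (for example `SHA3-256withRSA`), so the unguarded form produces `SHA3256withRSA`, which is not a standard algorithm name.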