Integrated: 8242068: Signed JAR support for RSASSA-PSS and EdDSA

Weijun Wang weijun at openjdk.java.net
Wed Oct 21 14:24:22 UTC 2020


On Wed, 23 Sep 2020 14:41:59 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Major points in CSR at https://bugs.openjdk.java.net/browse/JDK-8245274:
> 
> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
> 
> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature algorithms
> 
> - A new JarSigner property "directsign"
> 
> - Updating the jarsigner tool doc
> 
> Major code changes:
> 
> - Always use the signature algorithm directly as SignerInfo::signatureAlgorithm. We used to use the encryption algorithm there like RSA, DSA, and EC. Now it's always SHA1withRSA or RSASSA-PSS.
> 
> - Move signature-related utility methods from AlgorithmId.java to SignatureUtil.java
> 
> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
> 
> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
> 
> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
> 
> - Mark all -altsign related code as deprecated; it can be removed once ContentSigner is removed

This pull request has now been integrated.

Changeset: 839f01dd
Author:    Weijun Wang <weijun at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/839f01dd
Stats:     1869 lines in 24 files changed: 1132 ins; 558 del; 179 mod

8242068: Signed JAR support for RSASSA-PSS and EdDSA

Reviewed-by: valeriep

-------------

PR: https://git.openjdk.java.net/jdk/pull/322
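
Because the ".RSA" and ".EC" block extensions are reused, the file name no longer identifies the algorithm; SignerInfo::signatureAlgorithm inside the PKCS #7 block does. The following is an added example, not code from the JDK or from this change, that reads that field from a JAR's block files. All function names and the sample block are constructed for illustration, and it assumes DER encoding with single-byte tags.

```python
import zipfile

# DER-encoded OID bytes (hex) of common JAR signature algorithms
OIDS = {"2a864886f70d01010a": "RSASSA-PSS", "2b6570": "Ed25519",
        "2b6571": "Ed448", "2a864886f70d01010b": "SHA256withRSA",
        "2a8648ce3d040302": "SHA256withECDSA"}

def tlvs(buf):
    """Split DER bytes into (tag, value) pairs (single-byte tags only)."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def signer_sigalgs(block):
    """SignerInfo::signatureAlgorithm of each signer in a PKCS #7 block."""
    content_info = tlvs(tlvs(block)[0][1])          # contentType, [0] content
    signed_data = tlvs(tlvs(content_info[1][1])[0][1])
    names = []
    for _, si in tlvs(signed_data[-1][1]):          # signerInfos SET is last
        kids = tlvs(si)
        sig = next(i for i, (t, _) in enumerate(kids) if t == 0x04)
        raw = tlvs(kids[sig - 1][1])[0][1]          # OID of field before signature
        names.append(OIDS.get(raw.hex(), "OID " + raw.hex()))
    return names

def jar_sigalgs(path):
    """Map each META-INF signature block file to its signers' algorithms."""
    with zipfile.ZipFile(path) as z:
        return {n: signer_sigalgs(z.read(n)) for n in z.namelist()
                if n.upper().startswith("META-INF/")
                and n.upper().endswith((".RSA", ".EC", ".DSA"))}

def _t(tag, *parts):  # DER TLV encoder for the constructed sample (body < 128 B)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_block(sig_oid_hex):  # constructed minimal SignedData, dummy signature
    alg = lambda h: _t(0x30, _t(0x06, bytes.fromhex(h)))
    ver, sha512 = _t(0x02, b"\x01"), alg("608648016503040203")
    si = _t(0x30, ver, _t(0x30, _t(0x30), ver), sha512, alg(sig_oid_hex), _t(0x04, b"\0" * 4))
    sd = _t(0x30, ver, _t(0x31, sha512), alg("2a864886f70d010701"), _t(0x31, si))
    return _t(0x30, _t(0x06, bytes.fromhex("2a864886f70d010702")), _t(0xA0, sd))
```

Algorithms outside the small table are reported as raw OID hex, which includes blocks that carry the encryption algorithm in that field as described above.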


