RFR: 8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
SalusaSecondus
github.com+829871+salusasecondus at openjdk.java.net
Sat Mar 13 00:40:06 UTC 2021
On Fri, 12 Mar 2021 22:06:40 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hi @wangweij Thanks for your review. As @SalusaSecondus commented, RSAPrivateKeyCrtSpec should be favored over RSAPrivateKeySpec when the PrivateKey is a Crt Key. I just modified our JTreg test to include all four cases described in the PR description.
>
> I still cannot understand why CRT is always preferred. The original implementation also hadn't done that.
I believe that the original implementation intended to do this but made a mistake. This is why the original implementation (with the backwards `isAssignableFrom` logic) first checked to see if it could use CRT (as it had more information) and only afterwards fell back to seeing if it could use `RSAPrivateKeySpec`.
RSA CRT keys are much more efficient than normal RSA private keys and also result in more a more standard compliant output when serialized to PKCS#8 format (which technically requires the CRT parameters to be present). Thus, I believe we should try to preserve the CRT parameters whenever possible for our users. Now users who request an `RSAPrivateKeySpec` and then use it to later create a new key (using `KeyFactory.generatePrivate`) can keep the significant performance benefits for that private key.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2949
More information about the security-dev
mailing list