RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v3]
Valerie Peng
valeriep at openjdk.java.net
Wed Mar 9 22:13:47 UTC 2022
On Wed, 9 Mar 2022 19:44:39 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update JarSigner javadoc to make it consistent with previous update
>
> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 439:
>
>> 437: * Specifically, if a DSA or RSA key with a key size no less than 7680
>> 438: * bits, or an EC key with a key size no less than 512 bits,
>> 439: * SHA-512 will be used as the hash function for the signature.
>
> In this javadoc, SHA-512 for 7680-bit key (7680 is no less than 7680).
Right, there are a few places which this is documented. Code and doc aren't closely coupled together plus changed course a few times... I will fix this and double check other files. Thanks!
-------------
PR: https://git.openjdk.java.net/jdk/pull/7652
More information about the security-dev
mailing list