RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v3]

Valerie Peng valeriep at openjdk.java.net
Wed Mar 9 22:13:47 UTC 2022


On Wed, 9 Mar 2022 19:44:39 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Update JarSigner javadoc to make it consistent with previous update
>
> src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java line 439:
> 
>> 437:          * Specifically, if a DSA or RSA key with a key size no less than 7680
>> 438:          * bits, or an EC key with a key size no less than 512 bits,
>> 439:          * SHA-512 will be used as the hash function for the signature.
> 
> In this javadoc, SHA-512 for 7680-bit key (7680 is no less than 7680).

Right, there are a few places which this is documented. Code and doc aren't closely coupled together plus changed course a few times... I will fix this and double check other files. Thanks!

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list