RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]
Weijun Wang
weijun at openjdk.java.net
Wed Mar 16 00:16:50 UTC 2022
On Tue, 15 Mar 2022 20:44:20 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java line 122:
>>
>>> 120: default -> {
>>> 121: throw new ProviderException
>>> 122: ("Unrecognized algorithm for checking key size");
>>
>> If it's an unknown key algorithm, is it possible we just ignore it and keep using `minKeyLen` and `maxKeyLen`?
>
> Well, instead of ignoring an unknown key algorithm, it's perhaps safer to throw an Exception so it can be caught and handled during development time. The P11KeyPairGenerator class is only used for known algorithms which it is registered for, so it's probably OK to go either way. I'd prefer to play it safe and force a review of this block of code when a new algorithm is added.
OK.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7652