RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v7]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Mar 23 04:54:26 UTC 2022


On Tue, 22 Mar 2022 21:25:28 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> It's been several years since we increased the default key sizes. Before shifting to PQC, NSA replaced its Suite B cryptography recommendations with the Commercial National Security Algorithm Suite which suggests:
>> 
>> - SHA-384 for secure hashing
>> - AES-256 for symmetric encryption
>> - RSA with 3072 bit keys for digital signatures and for key exchange
>> - Diffie Hellman (DH) with 3072 bit keys for key exchange
>> - Elliptic curve [P-384] for key exchange (ECDH) and for digital signatures (ECDSA)
>> 
>> So, these proposed changes made the suggested key size and algorithm changes. The changes are mostly in keytool, jarsigner and their regression tests, so @wangweij could you please take a look?
>> 
>> Thanks!
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Minor code refactoring

src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java line 129:

> 127:         return currVal;
> 128:     }
> 129: 

I'm not very sure about this method. Is it performance friendly to make the default key size calculation in the static block (from line 142 to the end of the file)? Then, the DEF_AES_KEY_SIZE could be a public primitive int.

Or did I miss something?

src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java line 137:

> 135:     public static final int DEF_ED_KEY_SIZE;
> 136:     public static final int DEF_XEC_KEY_SIZE;
> 137:     private static final AtomicInteger DEF_AES_KEY_SIZE;

See the previous comment, maybe it could be
`public static final int DEF_AES_KEY_SIZE`.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652
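
An added example, not code from this pull request or from the JDK: a small Java check that generates keys without specifying a size and compares what the runtime's default provider picked against the CNSA values quoted in the description above. The class name `CnsaDefaultsCheck` and its helper names are assumptions made for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.KeyGenerator;
import javax.crypto.interfaces.DHPublicKey;

// Hypothetical audit helper: reports the key size a JDK chooses when the
// caller never calls initialize()/init(), next to the CNSA value.
public class CnsaDefaultsCheck {

    // Bit length of the parameter that defines the strength of the key:
    // RSA modulus, DH prime, or EC field size.
    static int bits(KeyPair kp) {
        PublicKey pub = kp.getPublic();
        if (pub instanceof RSAPublicKey) {
            return ((RSAPublicKey) pub).getModulus().bitLength();
        }
        if (pub instanceof DHPublicKey) {
            return ((DHPublicKey) pub).getParams().getP().bitLength();
        }
        if (pub instanceof ECPublicKey) {
            return ((ECPublicKey) pub).getParams().getCurve().getField().getFieldSize();
        }
        throw new IllegalArgumentException("unsupported key type: " + pub.getAlgorithm());
    }

    static boolean report(String alg, int actual, int cnsa) {
        boolean ok = actual >= cnsa;
        System.out.printf("%-4s default=%4d bits  CNSA=%4d  %s%n",
                alg, actual, cnsa, ok ? "ok" : "BELOW CNSA");
        return ok;
    }

    public static void main(String[] args) throws Exception {
        String[] algs = {"RSA", "DH", "EC"};
        int[] cnsa = {3072, 3072, 384};   // sizes from the list in the PR description
        boolean all = true;
        for (int i = 0; i < algs.length; i++) {
            // No initialize() call: the provider falls back to its default size.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(algs[i]);
            all &= report(algs[i], bits(kpg.generateKeyPair()), cnsa[i]);
        }
        // Same idea for symmetric keys: no init() call on the KeyGenerator.
        int aes = KeyGenerator.getInstance("AES").generateKey().getEncoded().length * 8;
        all &= report("AES", aes, 256);
        System.exit(all ? 0 : 1);         // non-zero exit if any default is below CNSA
    }
}
```

The check reflects whichever provider is first for each algorithm on the runtime it is executed on, so results differ between JDK releases and provider configurations.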


