RFR: 8302233: HSS/LMS: keytool and jarsigner changes
Sean Mullan
mullan at openjdk.org
Thu Nov 16 15:20:34 UTC 2023
On Wed, 31 May 2023 22:38:20 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Code changes for HSS/LMS that's related to keytool and jarsigner:
>
> 1. No need to add `-sigalg` for both tools when HSS/LMS key is involved, it can only be `HSS/LMS`.
> 2. The `digestAlgorithm` field in a PKCS7 `SignerInfo`. It must be the same as the hash algorithm used by the HSS/LMS key. This needs to be enforced both at signing and verification.
> 3. HSS/LMS reuses `.DSA` as the signature block file extension inside a signed JAR file
src/java.base/share/classes/sun/security/util/KeyUtil.java line 411:
> 409: * @throws NoSuchAlgorithmException if key is from an unknown configuration
> 410: */
> 411: public static String hashAlgFromHSS(PublicKey publicKey)
@ferakocz can you review this method? Thanks.
test/lib/jdk/test/lib/security/timestamp/TsaSigner.java line 1:
> 1: /*
Update copyright.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14254#discussion_r1395886589
PR Review Comment: https://git.openjdk.org/jdk/pull/14254#discussion_r1395813555
More information about the security-dev
mailing list