Integrated: 8302233: HSS/LMS: keytool and jarsigner changes

Weijun Wang weijun at
Thu Nov 30 19:17:20 UTC 2023

On Wed, 31 May 2023 22:38:20 GMT, Weijun Wang <weijun at> wrote:

> Code changes for HSS/LMS that's related to keytool and jarsigner:
> 1. No need to add `-sigalg` for both tools when HSS/LMS key is involved, it can only be `HSS/LMS`.
> 2. The `digestAlgorithm` field in a PKCS7 `SignerInfo`. It must be the same as the hash algorithm used by the HSS/LMS key. This needs to be enforced both at signing and verification.
> 3. HSS/LMS reuses `.DSA` as the signature block file extension inside a signed JAR file

This pull request has now been integrated.

Changeset: 0a60b0f9
Author:    Weijun Wang <weijun at>
Stats:     205 lines in 10 files changed: 87 ins; 85 del; 33 mod

8302233: HSS/LMS: keytool and jarsigner changes

Reviewed-by: mullan



More information about the security-dev mailing list