RFR: 8342062: Reformat keytool and jarsigner output for keys with a named parameter set [v3]

Kevin Driver kdriver at openjdk.org
Wed Jan 8 18:48:17 UTC 2025


On Fri, 13 Dec 2024 15:10:15 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Traditionally, an asymmetric key has a key size. The size is displayed by `keytool` and `jarsigner`, both in informational output and weak-key warnings. However, for the recently added ML-DSA algorithm, key size is not defined.
>> 
>> Thus when an ML-DSA key is created, `keytool` shows
>> 
>> Generating -1 bit ML-DSA-65 key pair...
>> 
>> When the entry is being displayed by `keytool -list -v`, it shows
>> 
>> Subject Public Key Algorithm: -1-bit ML-DSA-65 key
>> 
>> If the algorithm is disabled, `keytool -list` shows
>> 
>> <x> uses a -1-bit ML-DSA-65 key which is considered a security risk...
>> 
>> Furthermore, if a JAR file is signed by ML-DSA, `jarsigner -verify` also shows
>> 
>> Signature algorithm: ML-DSA-65, unknown size
>> 
>> or when the algorithm is disabled, it shows
>> 
>> Signature algorithm: ML-DSA-65, -1-bit key (disabled)
>> The ML-DSA-65 signing key has a keysize of -1 which is considered a security risk.
>> 
>> 
>> With this code change, a key can either have a key size or be characterized by a `NamedParameterSpec`, and the display chooses one of them.
>> 
>> One special case is EC keys, which have both a keysize and a `NamedParameterSpec`. Both are displayed.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   no more combined output

What is the process in cases like this where i18n needs to happen on the `Resources` files? I'm just curious how the appropriate translators get involved. Does it only happen on release boundaries? 

Are we not required to update the files for the other locales with the English messages to prevent messages not being found? At least if {K,V} is updated with English in both slots, there would not be a mismatch until localization happens. 

Not a request for a change, per se, just trying to understand the process better.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/22735#issuecomment-2578376555
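
The display rule in the quoted PR description (label a key by its named parameter set when it has one, otherwise by its size, and never print the -1 sentinel) can be sketched with public JCA APIs. This is an added example, not code from the pull request or from `keytool`; the class name `KeyLabel`, its methods and the label wording are hypothetical, it assumes JDK 24 or later (for ML-DSA and `AsymmetricKey`), and it does not cover the EC special case mentioned above.

```java
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class KeyLabel {
    // Bit length for key types that define one; -1 when the notion does not
    // apply (the sentinel that showed up as "-1 bit" in the old output).
    static int keySize(Key key) {
        if (key instanceof RSAKey k) return k.getModulus().bitLength();
        if (key instanceof ECKey k) return k.getParams().getOrder().bitLength();
        if (key instanceof DSAKey k) return k.getParams().getP().bitLength();
        return -1;
    }

    // Prefer the named parameter set; fall back to the size; never print -1.
    static String label(Key key) {
        if (key instanceof AsymmetricKey ak
                && ak.getParams() instanceof NamedParameterSpec nps) {
            return nps.getName() + " key";
        }
        int size = keySize(key);
        return size >= 0
                ? size + "-bit " + key.getAlgorithm() + " key"
                : key.getAlgorithm() + " key (size not defined)";
    }

    public static void main(String[] args) throws Exception {
        // Keys are generated locally with provider defaults, so this runs offline.
        for (String alg : new String[] {"RSA", "EC", "Ed25519", "ML-DSA-65"}) {
            KeyPair kp = KeyPairGenerator.getInstance(alg).generateKeyPair();
            System.out.println(alg + " -> " + label(kp.getPublic()));
        }
    }
}
```

A weak-key check built on `keySize` needs the same guard: comparing the -1 sentinel against a minimum size would flag every named-parameter-set key as too small.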

