RFR: 8342062: Reformat keytool and jarsigner output for keys with a named parameter set [v4]
Weijun Wang
weijun at openjdk.org
Fri Jan 10 00:58:17 UTC 2025
> Traditionally, an asymmetric key has a key size. The size is displayed by `keytool` and `jarsigner`, both in informational output and weak-key warnings. However, for the recently added ML-DSA algorithm, key size is not defined.
>
> Thus when an ML-DSA key is created, `keytool` shows
>
> Generating -1 bit ML-DSA-65 key pair...
>
> When the entry is being displayed by `keytool -list -v`, it shows
>
> Subject Public Key Algorithm: -1-bit ML-DSA-65 key
>
> If the algorithm is disabled, `keytool -list` shows
>
> <x> uses a -1-bit ML-DSA-65 key which is considered a security risk...
>
> Furthermore, if a JAR file is signed by ML-DSA, `jarsigner -verify` also shows
>
> Signature algorithm: ML-DSA-65, unknown size
>
> or when the algorithm is disabled, it shows
>
> Signature algorithm: ML-DSA-65, -1-bit key (disabled)
> The ML-DSA-65 signing key has a keysize of -1 which is considered a security risk.
>
>
> With this code change, a key can either have a key size or be characterized by a `NamedParameterSpec`, and the display chooses one of them.
>
> One special case is EC keys, which have both a keysize and a `NamedParameterSpec`. Both are displayed.
Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:
- copyright years; two resource strings
- Merge branch 'master' into 8342062
- no more combined output
- more strings
- the fix
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/22735/files
- new: https://git.openjdk.org/jdk/pull/22735/files/4d5bb30b..faacc337
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=22735&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=22735&range=02-03
Stats: 37241 lines in 1023 files changed: 19319 ins; 13840 del; 4082 mod
Patch: https://git.openjdk.org/jdk/pull/22735.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22735/head:pull/22735
PR: https://git.openjdk.org/jdk/pull/22735
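
The choice the description talks about, between a key size and a named parameter set, sketched as an added example that is not part of the original message and is not the patch's code. It uses only public JCA API and assumes JDK 22 or later for `AsymmetricKey.getParams()`; the class `KeyLabel`, its method names and the label wording are hypothetical, and EC keys are labelled by size only.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.security.spec.NamedParameterSpec;

// Hypothetical helper for illustration; not keytool's implementation.
public class KeyLabel {

    // Key size in bits, or -1 when this helper knows no size for the key type.
    static int keySize(PublicKey key) {
        if (key instanceof RSAKey rsa) {
            return rsa.getModulus().bitLength();
        }
        if (key instanceof ECKey ec) {
            return ec.getParams().getOrder().bitLength();
        }
        return -1;
    }

    // Prefer the parameter-set name when the key carries one, so a key
    // without a defined size is never printed as "-1-bit".
    static String describe(PublicKey key) {
        // PublicKey inherits getParams() from AsymmetricKey (JDK 22+).
        if (key.getParams() instanceof NamedParameterSpec named) {
            return named.getName() + " key";
        }
        int size = keySize(key);
        return size >= 0
                ? size + "-bit " + key.getAlgorithm() + " key"
                : key.getAlgorithm() + " key (size not defined)";
    }

    public static void main(String[] args) throws Exception {
        // ML-DSA-65 is skipped on JDKs that do not provide ML-DSA.
        for (String alg : new String[] {"RSA", "EC", "Ed25519", "ML-DSA-65"}) {
            try {
                KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg);
                PublicKey pub = kpg.generateKeyPair().getPublic();
                System.out.println(alg + " -> " + describe(pub));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(alg + " -> not supported by this JDK");
            }
        }
    }
}
```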