RFR Update JarSigning.keystore

Xuelei Fan xuelei.fan at oracle.com
Wed May 9 01:09:40 UTC 2018


On 5/8/2018 5:39 PM, Weijun Wang wrote:
> 
> 
>> On May 9, 2018, at 8:36 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> Looks fine to me.
>>
>> BTW, does it make sense to support more signature algorithms other than DSA and RSA?
> 
> Most modern tests generate key/cert pairs inside the test (because we don't like binary files). This file is used by old tests and some tests outside java security.
> 
OK. Then it is sufficient.

Thanks,
Xuelei

> That said, I'm happy to add a new entry "d" for EC. Whoever likes EC can use it.
> 
> Thanks
> Max
> 
>>
>> Thanks,
>> Xuelei
>>
>> On 5/8/2018 5:29 PM, Weijun Wang wrote:
>>> test/jdk/sun/security/tools/jarsigner/JarSigning.keystore is still using 512-bit DSA and it's disabled in jar signing now.
>>> I just updated it and added a README.
>>> diff --git a/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README b/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README
>>> new file mode 100644
>>> --- /dev/null
>>> +++ b/test/jdk/sun/security/tools/jarsigner/JarSigning.keystore.README
>>> @@ -0,0 +1,5 @@
>>> +#JarSigning.keystore is generated with
>>> +
>>> +rm JarSigning.keystore
>>> +keytool -genkeypair -keystore JarSigning.keystore -storepass bbbbbb -keypass bbbbbb -alias b -dname CN=b -keyalg DSA
>>> +keytool -genkeypair -keystore JarSigning.keystore -storepass bbbbbb -keypass bbbbbb -alias c -dname CN=c -keyalg RSA
>>> bugs.openjdk.java.net is down for maintenance and I will file a bug later.
>>> Running tier1+tier2 now...
>>> Thanks
>>> Max
> 


More information about the security-dev mailing list