Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4900323

Can not retrieve sig. algo. name for SHA256withRSA, SHA384withRSA, SHA512witRSA


    • Subcomponent:
    • Resolved In Build:
    • CPU:
      generic, x86
    • OS:
      generic, windows_nt


      JDK build
      Tiger 1.5 b13

      Since SHA256withRSA, SHA384withRSA, SHA512witRSA are new sig. algo. introduced for tiger

      Testing Scenario
      1. using keytool to generate a JCE Keystore with SHA384withRSA as signature algo.
      2. write a test to retrieve the x509 cert from that JCE KeyStore
      3. try to retrieve the sig. algo. name from that x509 cert
      4. expecting SHA384withRSA, but I got 1.2.840.113549.1.1.12 which is the OID of that sig. algo.

      How to reproduce
      1. generate JCE Keystore using keytool
      $JAVA_HOME/bin/keytool -genkey -storetype JCEKS -keyalg RSA -keysize 768 -sigalg SHA384withRSA -dname cn=YunKe -keypass keypasswd -keystore KeyStoreFromKeyTool -storepass storepasswd
      2. list the keystore by using
      $JAVA_HOME/bin/keytool -list -keystore KeyStoreFromKeyTool -storepass storepasswd -storetype JCEKS
      3. copy and compile the following test code
      import java.io.PrintStream;
      import java.io.IOException;
      import java.io.FileInputStream;
      import java.io.FileOutputStream;
      import java.security.Key;
      import java.security.cert.X509Certificate;
      import java.security.KeyStore;
      import java.security.Security;
      import javax.crypto.*;

      public class testSigAlgo {
        char [] passwdStore = new String("storepasswd").toCharArray();
        char [] passwdKey = new String("keypasswd").toCharArray();
          FileInputStream inStream = null;
          String keyStoreName="KeyStoreFromKeyTool";
          String alias="mykey";

        public void run(String args[], PrintStream log, PrintStream out) {
          try {
            KeyStore ks = KeyStore.getInstance("jceks");
            inStream = new FileInputStream(keyStoreName);

            // load a keystore which was generated from keytool
            ks.load(inStream, passwdStore);

            out.println("Provider of KeyStore is " + ks.getProvider().getName());
            out.println("Type of KeyStore is " + ks.getType());
            X509Certificate cer = (X509Certificate) ks.getCertificate(alias);

            out.println("The signature algo. OID is "+cer.getSigAlgOID());
            out.println("The signature algo. Name is "+cer.getSigAlgName());
          catch (Exception ex) {
            out.println("ERROR: unexpected exception - ");

        public static void main(String args[]) {
          testSigAlgo jstest = new testSigAlgo();
          jstest.run(args, System.err, System.out);


      4. $JAVA_HOME/bin/java testSigAlgo
      5. you will see
      nm-dtf-004.SFBay.Sun.COM:/home/stuartk/tmp/JCE/KeyStore( 41 )%java testSigAlgo.^R
      java testSigAlgo
      Provider of KeyStore is SunJCE
      Type of KeyStore is jceks
      The signature algo. OID is 1.2.840.113549.1.1.12
      The signature algo. Name is 1.2.840.113549.1.1.12
      As you can see, I got the same output no matter which one I used
      (either getSigAlgOID() or getSigAlgName())

      The same test work with SHA1withRSA, MD2withRSA, MD5withRSA, only failed
      with those new algo. (SHA256withRSA, SHA384withRSA, SHA512witRSA)


          Issue Links



              • Assignee:
                mullan Sean Mullan
                skesunw Stuart Ke (Inactive)
              • Votes:
                0 Vote for this issue
                0 Start watching this issue


                • Created: