  1. JDK
  2. JDK-8015328

Generate 2048 bit RSA and DSA keys by default

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: 9
    • Component/s: security-libs

      Description

      Per NIST SP 800-57 recommendation [1], RSA/DSA keys less than 1024 bits are only allowed for legacy use since 2014, and deprecated since 2011. The RSA key pair generation is still using 1024 bits as the default key size:

          public RSAKeyPairGenerator() {
              // initialize to default in case the app does not call initialize()
              initialize(1024, null);
          }

      We may also need to check the code for DSA and DH.

      We may want to make an improvement to use 2048-bit keys by default in JDK 8.

      [1] http://sim.ivi.co/2012/04/nist-security-strength-time-frames.html
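
Added example, not part of the original issue or of the JDK sources: a small audit that generates RSA, DSA and DH key pairs without calling initialize(), reports the size the installed provider picks by default, and then shows the application-side workaround of requesting the size explicitly. The class name DefaultKeySizeAudit and the MIN_BITS constant are assumptions chosen for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;

public class DefaultKeySizeAudit {
    // Assumed threshold: the 2048-bit default proposed in this issue.
    static final int MIN_BITS = 2048;

    // Size-defining parameter: the RSA modulus, or the prime p for DSA and DH.
    static int bits(PublicKey pub) {
        if (pub instanceof RSAPublicKey) {
            return ((RSAPublicKey) pub).getModulus().bitLength();
        }
        if (pub instanceof DSAPublicKey) {
            return ((DSAPublicKey) pub).getParams().getP().bitLength();
        }
        if (pub instanceof DHPublicKey) {
            return ((DHPublicKey) pub).getParams().getP().bitLength();
        }
        throw new IllegalArgumentException("unsupported key type: " + pub.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        boolean weak = false;
        for (String alg : new String[] {"RSA", "DSA", "DiffieHellman"}) {
            // Deliberately no initialize(): this exercises the provider default.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg);
            int n = bits(kpg.generateKeyPair().getPublic());
            String verdict = n >= MIN_BITS ? "ok" : "BELOW " + MIN_BITS;
            System.out.printf("%-14s default=%d bits provider=%s %s%n",
                    alg, n, kpg.getProvider().getName(), verdict);
            weak |= n < MIN_BITS;
        }

        // Workaround independent of the JDK default: always request the size.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(MIN_BITS);
        int explicit = bits(rsa.generateKeyPair().getPublic());
        System.out.printf("%-14s explicit=%d bits%n", "RSA", explicit);

        // Non-zero exit lets a build or CI step fail on a weak default.
        System.exit(weak ? 1 : 0);
    }
}
```

The reported defaults depend on the JDK release and the installed security providers, so run it on each runtime that actually generates keys.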

              People

              • Assignee:
                mullan Sean Mullan
                Reporter:
                xuelei Xue-Lei Fan