Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8057810

New defaults for DSA keys in jarsigner and keytool

    Details

    • Resolved In Build:
      b39

      Backports

        Description

        Now that we have added support for the SHA256withDSA algorithm and 2048-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys.

          Issue Links

            Activity

            mullan Sean Mullan created issue -
            mullan Sean Mullan made changes -
            Field Original Value New Value
            Fix Version/s 9 [ 14949 ]
            Hide
            weijun Weijun Wang added a comment -
            I thought SHA256withDSA was not made default in jdk8 because it was not a Java SE requirement. Will it be for jdk9?
            Show
            weijun Weijun Wang added a comment - I thought SHA256withDSA was not made default in jdk8 because it was not a Java SE requirement. Will it be for jdk9?
            Hide
            mullan Sean Mullan added a comment -
            Good point. Let me open another issue to add that as a requirement for JDK 9.
            Show
            mullan Sean Mullan added a comment - Good point. Let me open another issue to add that as a requirement for JDK 9.
            weijun Weijun Wang made changes -
            Status New [ 10000 ] Open [ 1 ]
            weijun Weijun Wang made changes -
            Security Confidential [ 10000 ]
            mullan Sean Mullan made changes -
            Link This issue relates to JDK-8058590 [ JDK-8058590 ]
            weijun Weijun Wang made changes -
            Summary Make SHA256withDSA the default jarsigner and keytool algorithm for DSA keys New defaults for DSA keys in jarsigner and keytool
            weijun Weijun Wang made changes -
            Description Now that we have added support for the SHA256withDSA algorithm in JDK 8, we should change jarsigner and keytool to make this the default algorithm for DSA keys.

            We should also change the keytool default keysize for DSA keypairs to 2048 bits.
            Now that we have added support for the SHA256withDSA algorithm and 2046-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys.
            mullan Sean Mullan made changes -
            Description Now that we have added support for the SHA256withDSA algorithm and 2046-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys. Now that we have added support for the SHA256withDSA algorithm and 2048-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys.
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/7b5a3c338659
            User: weijun
            Date: 2014-11-05 09:15:42 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/7b5a3c338659 User: weijun Date: 2014-11-05 09:15:42 +0000
            hgupdate HG Updates made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolved In Build team [ 17324 ]
            Resolution Fixed [ 1 ]
            tidu Tim Du (Inactive) made changes -
            Link This issue relates to INTJDK-7614226 [ INTJDK-7614226 ]
            tidu Tim Du (Inactive) made changes -
            Link This issue relates to INTJDK-7614223 [ INTJDK-7614223 ]
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/7b5a3c338659
            User: lana
            Date: 2014-11-12 17:57:11 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/7b5a3c338659 User: lana Date: 2014-11-12 17:57:11 +0000
            hgupdate HG Updates made changes -
            Resolved In Build team [ 17324 ] master [ 18256 ]
            weijun Weijun Wang made changes -
            Labels release-note=yes
            Hide
            weijun Weijun Wang added a comment -
            Suggested release note: The default signature algorithms for DSA keys used in keytool and jarsigner are updated to SHA256withDSA. The key size for DSA keys used in keytool is updated to 2048 bits.
            Show
            weijun Weijun Wang added a comment - Suggested release note: The default signature algorithms for DSA keys used in keytool and jarsigner are updated to SHA256withDSA. The key size for DSA keys used in keytool is updated to 2048 bits.
            hgupdate HG Updates made changes -
            Resolved In Build master [ 18256 ] b39 [ 17426 ]
            mullan Sean Mullan made changes -
            Link This issue duplicates JDK-8015258 [ JDK-8015258 ]
            wetmore Bradford Wetmore made changes -
            Link This issue relates to JDK-8015328 [ JDK-8015328 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8084188 [ JDK-8084188 ]
            iris Iris Clark made changes -
            Labels release-note=yes jsr379-annex2-na release-note=yes
            weijun Weijun Wang made changes -
            Labels jsr379-annex2-na release-note=yes jsr379-annex2-na release-note=no
            Hide
            weijun Weijun Wang added a comment - - edited
            sigalg for DSA changed again later. Release note is combined into JDK-8157389.
            Show
            weijun Weijun Wang added a comment - - edited sigalg for DSA changed again later. Release note is combined into JDK-8157389 .
            iris Iris Clark made changes -
            Labels jsr379-annex2-na release-note=no jsr379-annex1-na release-note=no
            darcy Joe Darcy made changes -
            Link This issue csr of CCC-8057810 [ CCC-8057810 ]
            mullan Sean Mullan made changes -
            Link This issue relates to JDK-8180863 [ JDK-8180863 ]
            mullan Sean Mullan made changes -
            Labels jsr379-annex1-na release-note=no jsr379-annex1-na release-note=no security-disabled-algs-dsa-lt-2048
            mullan Sean Mullan made changes -
            Link This issue backported by JDK-8182303 [ JDK-8182303 ]
            mullan Sean Mullan made changes -
            Link This issue backported by JDK-8182304 [ JDK-8182304 ]
            mullan Sean Mullan made changes -
            Link This issue backported by JDK-8182305 [ JDK-8182305 ]
            mullan Sean Mullan made changes -
            Link This issue is blocked by JDK-8155115 [ JDK-8155115 ]
            mullan Sean Mullan made changes -
            Link This issue blocks JDK-8181511 [ JDK-8181511 ]
            mullan Sean Mullan made changes -
            Labels jsr379-annex1-na release-note=no security-disabled-algs-dsa-lt-2048 CPU17_04-critical-watch jsr379-annex1-na release-note=no security-disabled-algs-dsa-lt-2048
            igerasim Ivan Gerasimov made changes -
            Link This issue is blocked by JDK-8181048 [ JDK-8181048 ]
            mullan Sean Mullan made changes -
            Labels CPU17_04-critical-watch jsr379-annex1-na release-note=no security-disabled-algs-dsa-lt-2048 CPU17_04-critical-watch jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            rpallath Rajendrakumar Pallath made changes -
            Labels CPU17_04-critical-watch jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048 CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            rhalade Rajan Halade made changes -
            Labels CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048 CPU17_04-critical-SQE-OK CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            rhalade Rajan Halade made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048 CPU17_04-critical-SQE-OK CPU17_04-critical-request CPU17_04-regtest-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            rhalade Rajan Halade made changes -
            Link This issue relates to INTJDK-7626488 [ INTJDK-7626488 ]
            wyandi Winston Yandi made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-request CPU17_04-regtest-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048 CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-regtest-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186241 [ JDK-8186241 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186242 [ JDK-8186242 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186247 [ JDK-8186247 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186258 [ JDK-8186258 ]
            mullan Sean Mullan made changes -
            Link This issue is blocked by JDK-8155115 [ JDK-8155115 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8186377 [ JDK-8186377 ]
            yzhou Daisy Zhou made changes -
            Link This issue backport of JDK-8186503 [ JDK-8186503 ]
            coffeys Sean Coffey made changes -
            Link This issue relates to JDK-8186503 [ JDK-8186503 ]
            weijun Weijun Wang made changes -
            Link This issue backport of JDK-8186503 [ JDK-8186503 ]
            mullan Sean Mullan made changes -
            Labels CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-regtest-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048 CPU17_04-critical-SQE-OK CPU17_04-critical-approved CPU17_04-crypto-roadmap CPU17_04-regtest-request jsr379-annex1-na release-note=yes security-disabled-algs-dsa-lt-2048
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8188703 [ JDK-8188703 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8188733 [ JDK-8188733 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8189512 [ JDK-8189512 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8189570 [ JDK-8189570 ]
            bgopularam Bhanu Prakash Gopularam made changes -
            Link This issue relates to INTJDK-7626846 [ INTJDK-7626846 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8192627 [ JDK-8192627 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8194015 [ JDK-8194015 ]
            hgupdate HG Updates made changes -
            Link This issue backported by JDK-8197356 [ JDK-8197356 ]

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                mullan Sean Mullan
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: