  1. JDK
  2. JDK-8130132

jarsigner should emit warning if weak algorithms or keysizes are used

    Details

    • Subcomponent:
    • Resolved In Build:
      b96
    • Verification:
      Verified

        Description

        The jarsigner tool should warn the user if a weak cryptographic algorithm is used, such as MD2 or MD5, or a weak keysize, such as RSA/DSA keys less than 1024 bits. This should apply to the key and certificate, and the digest and signature algorithms used to sign the JAR. We should still allow the JAR to be signed, but a warning indicating the risks of using a weak algorithm should be emitted.

        Rather than hard-coding the algorithms, one way to implement this is to read the value of the jdk.certpath.disabledAlgorithms security property. Although this property is intended to apply only to certificates, the same restrictions are generally applicable to the algorithms used to sign code.
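
The approach described above, as an added Java example that is not jarsigner's code or part of the original issue: it reads jdk.certpath.disabledAlgorithms and reports which entries match a signature algorithm, digest and key. The class name WeakAlgCheck, its helper methods, the fallback policy string and the 512-bit test key are assumptions made for illustration; only bare algorithm names and keySize entries are evaluated.

```java
import java.security.*;
import java.security.interfaces.*;
import java.util.*;

// Added example, not jarsigner's code. Simplified: only bare names and
// "<alg> keySize <op> <n>" entries are evaluated; other constraint forms are skipped.
public class WeakAlgCheck {
    static int keySize(PublicKey k) {
        if (k instanceof RSAKey) return ((RSAKey) k).getModulus().bitLength();
        if (k instanceof DSAKey && ((DSAKey) k).getParams() != null)
            return ((DSAKey) k).getParams().getP().bitLength();
        if (k instanceof ECKey) return ((ECKey) k).getParams().getOrder().bitLength();
        return -1; // unknown key type or inherited DSA parameters
    }

    // True when key size s breaks the constraint "keySize <op> n"
    static boolean violates(int s, String op, int n) {
        return op.equals("<") ? s < n : op.equals("<=") ? s <= n : op.equals(">") ? s > n
             : op.equals(">=") ? s >= n : op.equals("==") ? s == n : op.equals("!=") && s != n;
    }

    static List<String> warnings(String policy, String sigAlg, String digestAlg, PublicKey key) {
        // "MD5withRSA" -> {MD5, RSA}; a digest named "SHA-1" is also matched as "SHA1"
        Set<String> names = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        names.addAll(Arrays.asList(sigAlg.split("(?i)(?:with|and)")));
        names.add(digestAlg.replace("-", ""));
        List<String> out = new ArrayList<>();
        int size = keySize(key);
        for (String entry : policy.split(",")) {
            String[] t = entry.trim().split("\\s+");
            if (t.length == 1 && names.contains(t[0])) {
                out.add("algorithm " + t[0] + " is listed as disabled");
            } else if (t.length == 4 && t[1].equalsIgnoreCase("keySize") && size >= 0
                    && t[0].equalsIgnoreCase(key.getAlgorithm())
                    && violates(size, t[2], Integer.parseInt(t[3]))) {
                out.add(size + "-bit " + t[0] + " key matches \"" + entry.trim() + "\"");
            }
        }
        return out; // warnings only: the caller still signs the JAR
    }

    public static void main(String[] args) throws Exception {
        String policy = Security.getProperty("jdk.certpath.disabledAlgorithms");
        if (policy == null) policy = "MD2, MD5, RSA keySize < 1024"; // constructed fallback
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(512); // constructed, deliberately weak key
        for (String w : warnings(policy, "MD5withRSA", "MD5", g.generateKeyPair().getPublic()))
            System.out.println("Warning: " + w);
    }
}
```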

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  mullan Sean Mullan