  1. JDK
  2. JDK-8171319 keytool should print out warnings when reading or generating cert/cert req using weak algorithms
  3. JDK-8176087

Release Note: keytool now prints warnings when reading or generating certificates/certificate requests/CRLs using weak algorithms

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: P2
    • Resolution: Delivered
    • Affects Version/s: 7u171, 8u151, 9
    • Fix Version/s: 9
    • Component/s: security-libs

        Description

        With one exception, keytool will always print a warning if the certificate, certificate request, or CRL it is parsing, verifying, or generating uses a weak algorithm or key. The exception: when a certificate comes from an existing `TrustedCertificateEntry`, either in the keystore directly operated on or in the `cacerts` keystore when the `-trustcacerts` option is specified for the `-importcert` command, keytool will not print a warning if it is signed with a weak signature algorithm. For example, suppose the file `cert` contains a CA certificate signed with a weak signature algorithm. Then `keytool -printcert -file cert` and `keytool -importcert -file cert -alias ca -keystore ks` will each print a warning, but after the last command imports it into the keystore, `keytool -list -alias ca -keystore ks` will no longer show a warning.

        An algorithm or a key is weak if it matches the value of the `jdk.certpath.disabledAlgorithms` security property defined in the `conf/security/java.security` file.
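Because `keytool -list` stays silent for trusted certificate entries, a keystore audit has to check them separately. The following is an added example, not code from the JDK or from this release note: the class name `TrustedCertAudit` is hypothetical, and its matcher is a simplified approximation that only understands bare algorithm names and `keySize <` / `keySize <=` entries of `jdk.certpath.disabledAlgorithms`.

```java
import java.io.File;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.*;
import java.util.*;

public class TrustedCertAudit {
    // Key size in bits: RSA modulus, DSA prime p, EC group order.
    static int keySize(PublicKey k) {
        if (k instanceof RSAKey) return ((RSAKey) k).getModulus().bitLength();
        if (k instanceof DSAKey && ((DSAKey) k).getParams() != null)
            return ((DSAKey) k).getParams().getP().bitLength();
        if (k instanceof ECKey) return ((ECKey) k).getParams().getOrder().bitLength();
        return -1; // unknown key type: size rules are skipped
    }

    // Simplified matcher (assumption): bare names and "ALG keySize < N" / "<= N" only.
    static List<String> matches(X509Certificate c, String disabled) {
        List<String> hits = new ArrayList<>();
        // "MD5withRSA" is decomposed into "MD5" and "RSA" before comparison.
        List<String> parts = Arrays.asList(c.getSigAlgName().split("(?i)with|and|/"));
        PublicKey pk = c.getPublicKey();
        for (String entry : disabled.split(",")) {
            String[] t = entry.trim().split("\\s+");
            if (t.length == 1 && parts.stream().anyMatch(t[0]::equalsIgnoreCase)) {
                hits.add("signature algorithm " + c.getSigAlgName() + " matches '" + t[0] + "'");
            } else if (t.length == 4 && t[1].equals("keySize") && t[2].startsWith("<")
                    && t[0].equalsIgnoreCase(pk.getAlgorithm()) && keySize(pk) >= 0) {
                int limit = Integer.parseInt(t[3]), size = keySize(pk);
                if (size < limit || (t[2].equals("<=") && size == limit))
                    hits.add(size + "-bit " + pk.getAlgorithm() + " key matches '" + entry.trim() + "'");
            } // entries using jdkCA, usage, denyAfter or include are not evaluated here
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = keystore path, args[1] = keystore password (supplied by the caller)
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        String disabled = Security.getProperty("jdk.certpath.disabledAlgorithms");
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (ks.isCertificateEntry(alias) && cert instanceof X509Certificate)
                for (String hit : matches((X509Certificate) cert, disabled))
                    System.out.println(alias + ": " + hit);
        }
    }
}
```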

          Activity

          weijun Weijun Wang added a comment -
          The "exception" part is for JDK-8177569.

            People

            • Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang