Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8205446

Add RSASSA-PSS Signature support to SunMSCAPI

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P2
    • Resolution: Approved
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      No risk. This is a new signature algorithm and no effect on existing functions and algorithms.
    • Interface Kind:
      Other
    • Scope:
      Implementation

      Description

      Summary

      Add RSASSA-PSS Signature support to SunMSCAPI, so that a private key generated and stored inside a native Windows keystore can be used to sign and verify using this algorithm. The algorithm is defined in PKCS#1 "RSA Cryptography Specifications" version 2.2 (RFC 8017).

      Problem

      The SunMSCAPI security provider does not support the RSASSA-PSS signature algorithm, which is mandatory for TLS 1.3. SunMSCAPI is the only security provider that can access a private key stored in a native Windows keystore.

      Solution

      Add an RSASSA-PSS Signature implementation to the SunMSCAPI provider.

      Specification

      In the SunMSCAPI section of https://docs.oracle.com/javase/10/security/oracle-providers.htm, add "RSASSA-PSS" into the Signature row.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang
              Reviewed By:
              Bradford Wetmore
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: