Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8228752

Define standard names for EC curves and TLS signature schemes

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 14
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Risk:
      minimal
    • Interface Kind:
      Java API, System or security property

      Description

      Summary

      Define standard names for EC curves, TLS named groups and TLS signature schemes.

      Problem

      There are no standard names defined for these algorithms which are used in various APIs and system/security properties. Defining standard names will improve compatibility.

      Solution

      Add 2 new sub-sections to the "Additional JSSE Standard Names" section of the Java Security Standard Algorithm Names specification defining the standard names for TLS Named Groups and Signature Schemes. Also add a table for standard names for elliptic curves (used in the java.security.spec.ECGenParameterSpec API) to the "ParameterSpec Names" section.

      Specification

      See the specification (docs/specs/security/standard-names.html) in the attached "spec.zip" file. The new sections are:

      1. The "ParameterSpec Names" section starting with the text "The ECGenParameterSpec class in the java.security.spec package may be used to specify a set of elliptic curve parameters using the following names." The standard names are: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.

      2. The "Signature Schemes" sub-section of "Additional JSSE Standard Names". The standard names are: ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ecdsa_sha1, ed25519, ed448, rsa_pkcs1_sha1, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512.

      3. The "Named Groups" sub-section of "Additional JSSE Standard Names". The standard names are: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, x25519, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mullan Sean Mullan
                Reporter:
                xuelei Xue-Lei Fan
                Reviewed By:
                Xue-Lei Fan
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: