Add the EC signature block file type to JAR file spec, and renew the definitions of EC and RSA types.
The JAR file spec only mentions signature block types of RSA and DSA, but we've added EC long long ago. We also recently added support for new signature algorithms like RSASSA-PSS and EdDSA and we are reusing the RSA and EC types.
See below. This is spec change only. No new code change.
In the JAR File Specification, add the ".EC" signature block file extension (in retrospect) and clarify the extension's dependance on private key algorithms.
diff --git a/closed/src/java.base/share/specs/jar/jar.md b/closed/src/java.base/share/specs/jar/jar.md --- a/closed/src/java.base/share/specs/jar/jar.md +++ b/closed/src/java.base/share/specs/jar/jar.md @@ -1,5 +1,5 @@ --- -# Copyright (c) 1993, 2018, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1993, 2020, Oracle and/or its affiliates. All rights reserved. # title: 'JAR File Specification' @@ -166,11 +166,11 @@ The signature file for the JAR file. 'x' stands for the base file name. -- `x.DSA` +- `x.DSA`, `x.RSA`, or `x.EC` The signature block file associated with the signature file with the same base file name. This file stores the digital signature of the -corresponding signature file. +corresponding signature file in a PKCS #7 structure. - `services/` @@ -420,6 +420,7 @@ - `META-INF/*.SF` - `META-INF/*.DSA` - `META-INF/*.RSA` +- `META-INF/*.EC` - `META-INF/SIG-*` Note that if such files are located in `META-INF` subdirectories, they @@ -597,11 +598,12 @@ These are binary files not intended to be interpreted by humans. Digital signature files have the same filenames as the .SF files but -different extensions. The extension varies depending on the type of -digital signature. +different extensions. The extension varies depending on the algorithm +of the signer's private key. -- `.RSA` (PKCS7 signature, SHA-256 + RSA) -- `.DSA` (PKCS7 signature, DSA) +- `.RSA` (for RSA or RSASSA-PSS keys) +- `.DSA` (for DSA keys) +- `.EC` (for EC or EdDSA keys) Digital signature files for signature algorithms not listed above must reside in the `META-INF` directory and have the prefix "`SIG-`". The