JDK-8254943

Update the JAR file spec on EC and RSA signature block types


    Details

    • Type: CSR
    • Status: Closed
    • Priority: P4
    • Resolution: Approved
    • Fix Version/s: 17
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      There is no risk in reusing the existing block type for a new algorithm. We just read the file as a PKCS #7 block, and the real algorithm is embedded inside. The file extension is not used at all, which means all .DSA, .RSA, or .EC files are treated the same.
    • Interface Kind:
      File or wire format
    • Scope:
      SE

      Description

      Summary

      Add the EC signature block file type to the JAR file spec, and update the definitions of the EC and RSA types.

      Problem

      The JAR file spec only mentions the RSA and DSA signature block types, but we added EC long ago. We also recently added support for new signature algorithms like RSASSA-PSS and EdDSA by reusing the existing RSA and EC types.

      Solution

      See below. This is a spec change only. There is no code change.

      Specification

      In the JAR File Specification, add the ".EC" signature block file extension (in retrospect) and clarify the extension's dependence on private key algorithms.

      diff --git a/closed/src/java.base/share/specs/jar/jar.md b/closed/src/java.base/share/specs/jar/jar.md
      --- a/closed/src/java.base/share/specs/jar/jar.md
      +++ b/closed/src/java.base/share/specs/jar/jar.md
      @@ -1,5 +1,5 @@
       ---
      -# Copyright (c) 1993, 2018, Oracle and/or its affiliates. All rights reserved.
      +# Copyright (c) 1993, 2021, Oracle and/or its affiliates. All rights reserved.
       #
      
       title: 'JAR File Specification'
      @@ -166,11 +166,11 @@
      
       The signature file for the JAR file. 'x' stands for the base file name.
      
      --   `x.DSA`
      +-   `x.DSA`, `x.RSA`, or `x.EC`
      
       The signature block file associated with the signature file with the
       same base file name. This file stores the digital signature of the
      -corresponding signature file.
      +corresponding signature file in a PKCS #7 structure.
      
       -   `services/`
      
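
      Review bot: the sentence added to the `x.DSA`, `x.RSA`, or `x.EC` item writes "PKCS #7" while the extension list in the last hunk writes "PKCS7 signature"; pick one spelling and use it throughout the spec. The item also lists three extensions without saying what distinguishes them, so a pointer to the section that maps each extension to a key algorithm would help a reader who lands here first.
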
      @@ -420,6 +420,7 @@
       -   `META-INF/*.SF`
       -   `META-INF/*.DSA`
       -   `META-INF/*.RSA`
      +-   `META-INF/*.EC`
       -   `META-INF/SIG-*`
      
       Note that if such files are located in `META-INF` subdirectories, they
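
      Review bot: `META-INF/*.EC` is added to this list and `.EC` is added again to the extension list in the last hunk, so the same set of extensions is now maintained in two places. The order already differs (`.DSA`, `.RSA`, `.EC` here; `.RSA`, `.DSA`, `.EC` there); use one order in both lists, or have this list refer to the digital signature section instead of repeating the extensions.
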
      @@ -597,11 +598,12 @@
       These are binary files not intended to be interpreted by humans.
      
       Digital signature files have the same filenames as the .SF files but
      -different extensions. The extension varies depending on the type of
      -digital signature.
      +different extensions. The extension varies depending on the algorithm
      +of the signer's private key.
      
      --   `.RSA` (PKCS7 signature, SHA-256 + RSA)
      --   `.DSA` (PKCS7 signature, DSA)
      +-   `.RSA` (PKCS7 signature, for RSA or RSASSA-PSS keys)
      +-   `.DSA` (PKCS7 signature, for DSA keys)
      +-   `.EC` (PKCS7 signature, for EC or EdDSA keys)
      
       Digital signature files for signature algorithms not listed above must
       reside in the `META-INF` directory and have the prefix "`SIG-`". The
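
      Review bot: the rewritten bullets tie each extension to the key algorithm but drop the only statement about the signature algorithm (the old `.RSA` line said "SHA-256 + RSA"), and nothing in the new text says where that information now lives. Since `.RSA` covers both RSA and RSASSA-PSS keys and `.EC` covers both EC and EdDSA keys, add a sentence stating that the actual signature algorithm is recorded inside the PKCS #7 block and cannot be inferred from the extension. It would also help to say whether a block whose extension does not match the signer's key algorithm is still accepted, given the compatibility note in this CSR that the extension is not used when the file is read.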

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang
              Reviewed By:
              Sean Mullan
