On Thu, 1 Apr 2021 21:27:52 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with review comments
>
> src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
> line 104:
On Thu, 1 Apr 2021 17:04:33 GMT, Weijun Wang wrote:
>> As `RecoveryKey()` will make sure if the entry exists in the keystore and is
>> a `PrivateKeyEntry`, removed this checking and updated to check if
>> `signerCert` is null.
>
> Yes, it must be a private key entry. On the other hand, I
On Thu, 1 Apr 2021 20:37:47 GMT, Hai-May Chao wrote:
>> Please review the changes that add the -signer option to keytool
>> -genkeypair command. As key agreement algorithms do not have a signing
>> algorithm, the specified signer's private key will be used to sign and
>> generate a key
On Thu, 1 Apr 2021 16:49:19 GMT, Weijun Wang wrote:
>> Not sure the reason why a change is needed for the existing logic.
>
> With a signer, it makes no sense to create a single-cert array at the
> beginning. I am suggesting:
> X509Certificate newCert = keypair.getSelfCertificate(...);
>
> Please review the changes that add the -signer option to keytool -genkeypair
> command. As key agreement algorithms do not have a signing algorithm, the
> specified signer's private key will be used to sign and generate a key
> agreement certificate.
> CSR review is at: