I'm missing the motivation behind this question. Is the current set of
aliases causing some problem? Are they incomplete? Why is it bad that
"X9.62 prime256v1" works but "prime256v1" doesn't?
On 11/7/2018 10:05 PM, Weijun Wang wrote:
In CurveDB.java, we have
add("secp256r1 [NIST P-256, X9.62
On 11/7/2018 8:53 PM, Weijun Wang wrote:
Oh, I didn't know that.
To make sure -keyalg matches KeyPairGenerator.getInstance(), I'd like to
support it. If I read the impl correctly, you don't need to initialize it
anymore and if you really want to initialize it the params must be the same.
I don't think the underlying provider is ready to support named curves.
Additional RFEs may be required to standardize the names and improve the
underlying provider.
Xuelei
On 11/7/2018 7:05 PM, Weijun Wang wrote:
In CurveDB.java, we have
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
"0001",
"0001FFFC",
Oh, I didn't know that.
To make sure -keyalg matches KeyPairGenerator.getInstance(), I'd like to
support it. If I read the impl correctly, you don't need to initialize it
anymore and if you really want to initialize it the params must be the same.
Currently keytool always calls initialize().
On 11/7/2018 3:38 PM, Weijun Wang wrote:
This sounds a little misleading to me. Alg name and alg params are 2 different things.
This is like asking user to call KeyPairGenerator.getInstance("secp256r1").
Well, KeyPairGenerator.getInstance("x25519") is a case that JDK 11 has
supported now.
Maybe, the -groupname/-curvename option can be replaced by extending the
existing -keyalg option:
-keyalg secp256r1
Then there is no conflict between the curve/group name and the key alg.
Xuelei
On 11/7/2018 7:48 AM, Weijun Wang wrote:
CSR updated. With such a generalized option, I won't recommend -groupname over
-keysize now, although I still intend to print some warning for EC.
Please take a review.
Thanks
Max
> On Nov 7, 2018, at 10:36 PM, Adam Petcher wrote:
>
> One issue that just came to me: How will this work for
I don't think there is any current AlgorithmParameterSpec that allows this for a
KeyPairGenerator. When a curve name is used, keysize is calculated from the
field size.
--Max
> On Nov 7, 2018, at 4:05 PM, Michael StJohns wrote:
>
> Inline below.
>
> On 11/6/2018 2:18 AM, Weijun Wang wrote:
One issue that just came to me: How will this work for EdDSA? I think
the CSR could be generalized a bit:
1) Make the first item in the "Solution" more general. Instead of
limiting it to "EC" allow any valid algorithm/curve combination.
2) (Optional) Use -groupname instead of -curvename and
Inline below.
On 11/6/2018 2:18 AM, Weijun Wang wrote:
On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote:
On 11/5/2018 8:37 PM, Weijun Wang wrote:
On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
On 11/5/2018 7:13 PM, Weijun Wang wrote:
Please take a review at the CSR at
s
>>>> Bernd
>>>> Regards
>>>> Bernd
>>>> --
>>>> http://bernd.eckenfels.net
>>>>
>>>> *From:* security-dev on behalf of
* Tuesday, November 6, 2018 7:38 AM
*To:* Weijun Wang
*Cc:* security-dev@openjdk.java.net
*Subject:* Re: RFR CSR for 8213400: Support choosing curve name in keytool
keypair generation
On 11/5/2018 8:37 PM, Weijun Wang wrote:
On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
On 11/5/2018 7:13
--
>> *From:* security-dev on behalf of
>> Xuelei Fan
>> *Sent:* Tuesday, November 6, 2018 7:38 AM
>> *To:* Weijun Wang
>> *Cc:* security-dev@openjdk.java.net
>> *Subject:* Re: RFR CSR for 8213400: Support choosing curve name in keytool
>>
://bernd.eckenfels.net
*From:* security-dev on behalf
of Xuelei Fan
*Sent:* Tuesday, November 6, 2018 7:38 AM
*To:* Weijun Wang
*Cc:* security-dev@openjdk.java.net
*Subject:* Re: RFR CSR for 8213400: Support choosing curve name
On 11/6/2018 2:18 AM, Weijun Wang wrote:
On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote:
If the option "-keysize 256 -curvename sect163k1" works, I may think that the
key size is 256 bits. I want to create a 256 bits sect163k1 EC key, and the tool allows
this behavior, so I should get a 256
@openjdk.java.net
Subject: Re: RFR CSR for 8213400: Support choosing curve name in keytool
keypair generation
On 11/5/2018 8:37 PM, Weijun Wang wrote:
>
>> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
>>
>> On 11/5/2018 7:13 PM, Weijun Wang wrote:
>>> Please take a
> On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote:
>
> On 11/5/2018 8:37 PM, Weijun Wang wrote:
>>> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
>>>
>>> On 11/5/2018 7:13 PM, Weijun Wang wrote:
Please take a review at the CSR at
https://bugs.openjdk.java.net/browse/JDK-8213401
On 11/5/2018 8:37 PM, Weijun Wang wrote:
On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
On 11/5/2018 7:13 PM, Weijun Wang wrote:
Please take a review at the CSR at
https://bugs.openjdk.java.net/browse/JDK-8213401
As for implementation, I intend to report an error when -keyalg is not EC
> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote:
>
> On 11/5/2018 7:13 PM, Weijun Wang wrote:
>> Please take a review at the CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8213401
>> As for implementation, I intend to report an error when -keyalg is not EC
>> but -curvename is
On 11/5/2018 7:13 PM, Weijun Wang wrote:
Please take a review at the CSR at
https://bugs.openjdk.java.net/browse/JDK-8213401
As for implementation, I intend to report an error when -keyalg is not EC but
-curvename is provided. If both -curvename and -keysize are provided, I intend
to