Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-08 Thread Adam Petcher
I'm missing the motivation behind this question. Is the current set of aliases causing some problem? Are they incomplete? Why is it bad that "X9.62 prime256v1" works but "prime256v1" doesn't? On 11/7/2018 10:05 PM, Weijun Wang wrote: In CurveDB.java, we have add("secp256r1 [NIST P-256, X9.62

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-08 Thread Adam Petcher
On 11/7/2018 8:53 PM, Weijun Wang wrote: Oh, I didn't know that. To make sure -keyalg matches KeyPairGenerator.getInstance(), I'd like to support it. If I read the impl correctly, you don't need to initialize it anymore and if you really want to initialize it the params must be the same.

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Xuelei Fan
I don't think the underlying provider is ready to support named curves. Additional RFEs may be required to standardize the names and improve the underlying provider. Xuelei On 11/7/2018 7:05 PM, Weijun Wang wrote: In CurveDB.java, we have add("secp256r1 [NIST P-256, X9.62 prime256v1]",

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Weijun Wang
In CurveDB.java, we have add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD, "0001", "0001FFFC",

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Weijun Wang
Oh, I didn't know that. To make sure -keyalg matches KeyPairGenerator.getInstance(), I'd like to support it. If I read the impl correctly, you don't need to initialize it anymore and if you really want to initialize it the params must be the same. Currently keytool always calls initialize().

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Xuelei Fan
On 11/7/2018 3:38 PM, Weijun Wang wrote: This sounds a little misleading to me. Alg name and alg params are 2 different things. This is like asking user to call KeyPairGenerator.getInstance("secp256r1"). Well, KeyPairGenerator.getInstance("x25519") is a case that JDK 11 has supported now.

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Xuelei Fan
Maybe, the -groupname/-curvename option can be replaced by extending the existing -keyalg option: -keyalg secp256r1 Then there is no conflict between the curve/group name and the key alg. Xuelei On 11/7/2018 7:48 AM, Weijun Wang wrote: CSR updated. With such a generalized option, I won't

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Weijun Wang
CSR updated. With such a generalized option, I won't recommend -groupname over -keysize now, although I still intend to print some warning for EC. Please take a review. Thanks Max > On Nov 7, 2018, at 10:36 PM, Adam Petcher wrote: > > One issue that just came to me: How will this work for

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Weijun Wang
I don't think there is any current AlgorithmParameterSpec that allows this for a KeyPairGenerator. When a curve name is used, keysize is calculated from the field size. --Max > On Nov 7, 2018, at 4:05 PM, Michael StJohns wrote: > > Inline below. > > On 11/6/2018 2:18 AM, Weijun Wang wrote:

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Adam Petcher
One issue that just came to me: How will this work for EdDSA? I think the CSR could be generalized a bit: 1) Make the first item in the "Solution" more general. Instead of limiting it to "EC" allow any valid algorithm/curve combination. 2) (Optional) Use -groupname instead of -curvename and

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-07 Thread Michael StJohns
Inline below. On 11/6/2018 2:18 AM, Weijun Wang wrote: On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote: On 11/5/2018 8:37 PM, Weijun Wang wrote: On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: On 11/5/2018 7:13 PM, Weijun Wang wrote: Please take a review at the CSR at

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-06 Thread Weijun Wang

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-06 Thread Xuelei Fan
* Tuesday, November 6, 2018 7:38 AM *To:* Weijun Wang *Cc:* security-dev@openjdk.java.net *Subject:* Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation On 11/5/2018 8:37 PM, Weijun Wang wrote: On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: On 11/5/2018 7:13

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-06 Thread Weijun Wang
-- >> *From:* security-dev on behalf of >> Xuelei Fan >> *Sent:* Tuesday, November 6, 2018 7:38 AM >> *To:* Weijun Wang >> *Cc:* security-dev@openjdk.java.net >> *Subject:* Re: RFR CSR for 8213400: Support choosing curve name in keytool >>

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-06 Thread Xuelei Fan
://bernd.eckenfels.net *From:* security-dev on behalf of Xuelei Fan *Sent:* Tuesday, November 6, 2018 7:38 AM *To:* Weijun Wang *Cc:* security-dev@openjdk.java.net *Subject:* Re: RFR CSR for 8213400: Support choosing curve name

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-06 Thread Adam Petcher
On 11/6/2018 2:18 AM, Weijun Wang wrote: On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote: If the option "-keysize 256 -curvename sect163k1" works, I may think that the key size is 256 bits. I want to create a 256 bits sect163k1 EC key, and the tool allows this behavior, so I should get a 256

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-05 Thread Bernd Eckenfels
@openjdk.java.net Subject: Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation On 11/5/2018 8:37 PM, Weijun Wang wrote: > >> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: >> >> On 11/5/2018 7:13 PM, Weijun Wang wrote: >>> Please take a

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-05 Thread Weijun Wang
> On Nov 6, 2018, at 1:06 PM, Xuelei Fan wrote: > > On 11/5/2018 8:37 PM, Weijun Wang wrote: >>> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: >>> >>> On 11/5/2018 7:13 PM, Weijun Wang wrote: Please take a review at the CSR at https://bugs.openjdk.java.net/browse/JDK-8213401

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-05 Thread Xuelei Fan
On 11/5/2018 8:37 PM, Weijun Wang wrote: On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: On 11/5/2018 7:13 PM, Weijun Wang wrote: Please take a review at the CSR at https://bugs.openjdk.java.net/browse/JDK-8213401 As for implementation, I intend to report an error when -keyalg is not EC

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-05 Thread Weijun Wang
> On Nov 6, 2018, at 12:12 PM, Xuelei Fan wrote: > > On 11/5/2018 7:13 PM, Weijun Wang wrote: >> Please take a review at the CSR at >>https://bugs.openjdk.java.net/browse/JDK-8213401 >> As for implementation, I intend to report an error when -keyalg is not EC >> but -curvename is

Re: RFR CSR for 8213400: Support choosing curve name in keytool keypair generation

2018-11-05 Thread Xuelei Fan
On 11/5/2018 7:13 PM, Weijun Wang wrote: Please take a review at the CSR at https://bugs.openjdk.java.net/browse/JDK-8213401 As for implementation, I intend to report an error when -keyalg is not EC but -curvename is provided. If both -curvename and -keysize are provided, I intend to