On 10/10/18 6:23 AM, Severin Gehwolf wrote:
Hi,
What is the rationale of using DSA keys (2048 bit) as default for
genkeypair command?
http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120
There is really no other reason other than DSA keys have been the
default keypairs generated by keytool for a long time, so there are some
compatibility issues we would have to think through before changing it
to another algorithm such as RSA. Weijun might have more insight into that.
It seems a bad choice given that DSA keys are disabled via Fedora's
crypto policy (not just OpenJDK, but other crypto providers too).
Actually, only DSA keys < 1024-bit are disabled by default in OpenJDK.
Here the explanation from Nikos Mavrogiannopoulos from a Fedora bug[1]
as to why that's a bad choice:
"""
DSA is not used by new security protocols any more (doesn't exist as a
negotiation option under TLS1.3), and was a very rarely used option
under previous protocols (TLS1.2 or earlier). In fact only DSA-1024 is
documented under these protocols. DSA-2048 may or may not work
depending on the implementation (and even worse may not interoperate).
"""
Could the default choice of keyalg for genkeypair be reconsidered?
Yes, I think it should be considered since DSA is rarely used anymore
and not supported by newer security protocols such as TLS 1.3. I have
filed: https://bugs.openjdk.java.net/browse/JDK-8212003
--Sean
If not, why not?
Thanks,
Severin
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1582253
