One more thing: do you think we should allow "-sigalg Ed25519" and "-sigalg Ed448"? It looks like we should support it because we can call Signature.getInstance() on it, but even if so, the block extension name will still be "EDD" (or "EdDSA").
--Max

> On May 19, 2020, at 5:43 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
>
> Please review the CSR at
>
> https://bugs.openjdk.java.net/browse/JDK-8245274
>
> The most arguable is the new block extension names. I drafted "PSS" for
> "RSASSA-PSS", and "EDD" for "EdDSA", since the old extension names never
> exceeded 3 letters. If we do not care about this, we can just make them
> "RSASSA-PSS" and "EdDSA". We've always treated the extension name in a
> case-insensitive way but this needs some debugging.
>
> Another thing I haven't mentioned in the CSR is about using `-sigalg
> RSASSA-PSS` for an RSA key. The hashAlgorithm and maskGenAlgorithm of the PSS
> parameters will be determined by the key size of the key, i.e.
>
> // Same values for RSA and DSA
> private static String ifcFfcStrength (int bitLength) {
>     if (bitLength > 7680) { // 256 bits
>         return "SHA512";
>     } else if (bitLength > 3072) { // 192 bits
>         return "SHA384";
>     } else { // 128 bits and less
>         return "SHA256";
>     }
> }
>
> and it's not adjustable. I don't know what the best place is for this info.
>
> Thanks,
> Max
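
An added illustration, not part of the original mail or the JDK source: signing and verifying with `RSASSA-PSS` on a plain RSA key, with the PSS parameters derived from the key size using the thresholds in the quoted message. The class and helper names, the hyphenated digest names, the salt length (equal to the digest length) and the trailer field value are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssByKeySize {
    // Same thresholds as ifcFfcStrength in the quoted mail, returning the
    // hyphenated standard digest names (an assumption of this example).
    static String digestFor(int bitLength) {
        if (bitLength > 7680) return "SHA-512";   // 256 bits
        if (bitLength > 3072) return "SHA-384";   // 192 bits
        return "SHA-256";                         // 128 bits and less
    }

    // The digest and the MGF1 hash both follow the key size.
    // Assumption: salt length = digest output length, trailer field = 1.
    static PSSParameterSpec pssSpecFor(RSAKey key) throws NoSuchAlgorithmException {
        String md = digestFor(key.getModulus().bitLength());
        int saltLen = MessageDigest.getInstance(md).getDigestLength();
        return new PSSParameterSpec(md, "MGF1", new MGF1ParameterSpec(md), saltLen, 1);
    }

    public static void main(String[] args) throws Exception {
        // 3072 is a boundary case: "> 3072" is false, so it maps to SHA-256.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();

        PSSParameterSpec spec = pssSpecFor((RSAKey) kp.getPublic());
        byte[] msg = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("RSASSA-PSS");   // Java 11+
        signer.initSign(kp.getPrivate());
        signer.setParameter(spec);   // RSASSA-PSS has no default parameters
        signer.update(msg);
        byte[] sigBytes = signer.sign();

        // The verifier must be given the same parameters the signer used.
        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.initVerify(kp.getPublic());
        verifier.setParameter(spec);
        verifier.update(msg);
        System.out.println(spec.getDigestAlgorithm() + " / MGF1, salt "
                + spec.getSaltLength() + " bytes, verified: " + verifier.verify(sigBytes));
    }
}
```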