On 5/19/2020 6:58 AM, Weijun Wang wrote:
One more thing: do you think we should allow "-siglag Ed25519" and "-sigalg
Ed448"?
I would like to have the two options.
It looks like we should support it because we can call Signature.getInstance() on it, but even if
so, the block extension name will still be "EDD" (or "EdDSA").
It may be a stupid question, can RSASSA-PSS share the 'rsa', and EdDSA
share or the 'ec' block file extension?
Xuelei
--Max
On May 19, 2020, at 5:43 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
Please review the CSR at
https://bugs.openjdk.java.net/browse/JDK-8245274
The most arguable is the new block extension names. I drafted "PSS" for "RSASSA-PSS", and "EDD" for
"EdDSA", since the old extension names never exceeded 3 letters. If we do not care about this, we can just make them
"RSASSA-PSS" and "EdDSA". We've always treated the extension name in a case-insensitive way but this needs some
debugging.
Another thing I haven't mentioned in the CSR is about using `-sigalg
RSASSA-PSS` for an RSA key. The hashAlgorithm and maskGenAlgorithm of the PSS
parameters will be determined by the key size of the key, i.e.
// Same values for RSA and DSA
private static String ifcFfcStrength (int bitLength) {
if (bitLength > 7680) { // 256 bits
return "SHA512";
} else if (bitLength > 3072) { // 192 bits
return "SHA384";
} else { // 128 bits and less
return "SHA256";
}
}
and it's not adjustable. I don't know what the best place is for this info.
Thanks,
Max
