On Wed, 2 Mar 2022 00:13:41 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> It's been several years since we increased the default key sizes. Before > shifting to PQC, NSA replaced its Suite B cryptography recommendations with > the Commercial National Security Algorithm Suite which suggests: > > - SHA-384 for secure hashing > - AES-256 for symmetric encryption > - RSA with 3072 bit keys for digital signatures and for key exchange > - Diffie Hellman (DH) with 3072 bit keys for key exchange > - Elliptic curve [P-384] for key exchange (ECDH) and for digital signatures > (ECDSA) > > So, this proposed changes made the suggested key size and algorithm changes. > The changes are mostly in keytool, jarsigner and their regression tests, so > @wangweij Could you please take a look? > > Thanks! This pull request has now been integrated. Changeset: 313bc7f6 Author: Valerie Peng <valer...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/313bc7f64f69d8f352d495d2c35bea62aca910e4 Stats: 504 lines in 29 files changed: 326 ins; 8 del; 170 mod 8267319: Use larger default key sizes and algorithms based on CNSA Reviewed-by: weijun, xuelei ------------- PR: https://git.openjdk.java.net/jdk/pull/7652