Traditionally, an asymmetric key has a key size. The size is displayed by `keytool` and `jarsigner`, both in informational output and weak-key warnings. However, for the recently added ML-DSA algorithm, key size is not defined.
Thus when an ML-DSA key is created, `keytool` shows Generating -1 bit ML-DSA-65 key pair... When the entry is being displayed by `keytool -list -v`, it shows Subject Public Key Algorithm: -1-bit ML-DSA-65 key If the algorithm is disabled, `keytool -list` shows <x> uses a -1-bit ML-DSA-65 key which is considered a security risk... Furthermore, if a JAR file is signed by ML-DSA, `jarsigner -verify` also shows Signature algorithm: ML-DSA-65, unknown size or when the algorithm is disabled, it shows Signature algorithm: ML-DSA-65, -1-bit key (disabled) The ML-DSA-65 signing key has a keysize of -1 which is considered a security risk. With this code change, a key can either has a key size, or characterized by a `NamedParameterSpec`, and the display chooses one of them. One special case is EC keys, which have both a keysize and a `NamedParameterSpec`. Both are displayed. ------------- Commit messages: - the fix Changes: https://git.openjdk.org/jdk/pull/22735/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=22735&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8342062 Stats: 231 lines in 11 files changed: 79 ins; 69 del; 83 mod Patch: https://git.openjdk.org/jdk/pull/22735.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/22735/head:pull/22735 PR: https://git.openjdk.org/jdk/pull/22735
