On Fri, 13 Dec 2024 15:10:15 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Traditionally, an asymmetric key has a key size. The size is displayed by 
>> `keytool` and `jarsigner`, both in informational output and weak-key 
>> warnings. However, for the recently added ML-DSA algorithm, key size is not 
>> defined.
>> 
>> Thus when an ML-DSA key is created, `keytool` shows
>> 
>> Generating -1 bit ML-DSA-65 key pair...
>> 
>> When the entry is being displayed by `keytool -list -v`, it shows
>> 
>> Subject Public Key Algorithm: -1-bit ML-DSA-65 key
>> 
>> If the algorithm is disabled, `keytool -list` shows
>> 
>> <x> uses a -1-bit ML-DSA-65 key which is considered a security risk...
>> 
>> Furthermore, if a JAR file is signed by ML-DSA, `jarsigner -verify` also 
>> shows
>> 
>> Signature algorithm: ML-DSA-65, unknown size
>> 
>> or when the algorithm is disabled, it shows
>> 
>> Signature algorithm: ML-DSA-65, -1-bit key (disabled)
>> The ML-DSA-65 signing key has a keysize of -1 which is considered a security 
>> risk.
>> 
>> 
>> With this code change, a key can either have a key size or be characterized 
>> by a `NamedParameterSpec`, and the display chooses one of them.
>> 
>> One special case is EC keys, which have both a keysize and a 
>> `NamedParameterSpec`. Both are displayed.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   no more combined output

Note: The original commit included a feature to combine `Signature algorithm: 
ML-DSA-65, ML-DSA-65 key` into `Signature algorithm: ML-DSA-65`, since the 
ML-DSA-65 signature algorithm exclusively uses ML-DSA-65 keys, making the two 
always identical. However, it turns out that one of these two algorithms could 
be disabled while the other remains enabled. While displaying both may seem 
cumbersome, it more accurately highlights which algorithm is enabled and which 
is disabled.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/22735#issuecomment-2541698725
