> Traditionally, an asymmetric key has a key size. The size is displayed by 
> `keytool` and `jarsigner`, both in informational output and weak-key 
> warnings. However, for the recently added ML-DSA algorithm, key size is not 
> defined.
> 
> Thus when an ML-DSA key is created, `keytool` shows
> 
> Generating -1 bit ML-DSA-65 key pair...
> 
> When the entry is being displayed by `keytool -list -v`, it shows
> 
> Subject Public Key Algorithm: -1-bit ML-DSA-65 key
> 
> If the algorithm is disabled, `keytool -list` shows
> 
> <x> uses a -1-bit ML-DSA-65 key which is considered a security risk...
> 
> Furthermore, if a JAR file is signed by ML-DSA, `jarsigner -verify` also shows
> 
> Signature algorithm: ML-DSA-65, unknown size
> 
> or when the algorithm is disabled, it shows
> 
> Signature algorithm: ML-DSA-65, -1-bit key (disabled)
> The ML-DSA-65 signing key has a keysize of -1 which is considered a security 
> risk.
> 
> 
> With this code change, a key can either have a key size, or be characterized by a 
> `NamedParameterSpec`, and the display chooses one of them.
> 
> One special case is EC keys, which have both a keysize and a 
> `NamedParameterSpec`. Both are displayed.

Weijun Wang has updated the pull request incrementally with one additional 
commit since the last revision:

  support all ECParameterSpec params

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/22735/files
  - new: https://git.openjdk.org/jdk/pull/22735/files/e08c8ffd..e28e70ed

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=22735&range=05
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=22735&range=04-05

  Stats: 9 lines in 2 files changed: 3 ins; 1 del; 5 mod
  Patch: https://git.openjdk.org/jdk/pull/22735.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/22735/head:pull/22735

PR: https://git.openjdk.org/jdk/pull/22735
