Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

On Thu, 18 Nov 2021 15:03:33 GMT, Sean Mullan wrote: >> We should, but the problem is that jarsigner needs to individually test each >> algorithm, so it can properly display which algorithm is restricted. So, I >> think it will need to parse the RSSASSA params itself, and then call the >> cons

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

On Tue, 16 Nov 2021 18:10:04 GMT, Sean Mullan wrote: >> When a signature/digest algorithm was being checked, the algorithm >> constraints checked both the signature/digest algorithm and the key to see >> if they were restricted. This caused duplicate checks and was also >> problematic for `jar

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

On Tue, 16 Nov 2021 17:53:16 GMT, Sean Mullan wrote: >> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line >> 1491: >> >>> 1489: private static String checkWeakAlg(String alg, >>> CertPathConstraintsParameters cpcp) { >>> 1490: try { >>> 1491: CER

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled [v2]

> When a signature/digest algorithm was being checked, the algorithm > constraints checked both the signature/digest algorithm and the key to see if > they were restricted. This caused duplicate checks and was also problematic > for `jarsigner` (and `keytool`) which need to distinguish these two

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

On Tue, 16 Nov 2021 01:07:55 GMT, Weijun Wang wrote: >> When a signature/digest algorithm was being checked, the algorithm >> constraints checked both the signature/digest algorithm and the key to see >> if they were restricted. This caused duplicate checks and was also >> problematic for `jar

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

On Tue, 16 Nov 2021 01:41:50 GMT, Weijun Wang wrote: > I'm feeling we should completely dump checking for algorithms and switch to > checking algorithmIds. Even if currently it's only RSASSA-PSS, but suppose > one day we support the SHAKE256-LEN MessageDigest algorithm and I suppose > that LEN

Re: RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

On Mon, 8 Nov 2021 14:04:15 GMT, Sean Mullan wrote: > When a signature/digest algorithm was being checked, the algorithm > constraints checked both the signature/digest algorithm and the key to see if > they were restricted. This caused duplicate checks and was also problematic > for `jarsigne

RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

When a signature/digest algorithm was being checked, the algorithm constraints checked both the signature/digest algorithm and the key to see if they were restricted. This caused duplicate checks and was also problematic for `jarsigner` (and `keytool`) which need to distinguish these two cases,