Re: RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-03-01 Thread Vincent Ryan
Your fix looks fine. Thanks.

> On 1 Mar 2016, at 19:21, Sean Mullan wrote:
>
> Updated webrev: http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.01/
>
> The following changes have been made:
>
> - The default key size for DSA has not been changed (stays at 1024) due to
> the high ris

Re: RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-03-01 Thread Sean Mullan
Updated webrev: http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.01/

The following changes have been made:

- The default key size for DSA has not been changed (stays at 1024) due to the high risk of breaking compatibility with applications still using SHA1withDSA (key sizes larger th

Re: RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-02-24 Thread Valerie Peng
My recollection is that the latest PKCS11 standard has been in the works for a few years and there is no SHA-2 DSA signature support from Solaris when we add the SHA-2 DSA support.

Valerie

On 2/24/2016 10:25 AM, Sean Mullan wrote:
> On 02/24/2016 11:58 AM, Seán Coffey wrote:
>> I think you might

Re: RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-02-24 Thread Sean Mullan
On 02/24/2016 11:58 AM, Seán Coffey wrote:
> I think you might have forgotten the PKCS11 implementation Sean.
>
> e.g.
> src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java

Good catch, although I think we should only increase the size for RSA key pairs, since we don't yet

Re: RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-02-24 Thread Seán Coffey
I think you might have forgotten the PKCS11 implementation Sean.

e.g.
src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java

On a side note, I notice a discrepancy in the KeyPairGenerator javadoc. It's more of an implNote issue:

If the algorithm is the /DSA/ algorith

RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

2016-02-24 Thread Sean Mullan
Please review this fix to improve security defaults by increasing the default keysize of the RSA, DSA, and DiffieHellman implementations of AlgorithmParameterGenerator and KeyPairGenerator from 1024 to 2048 bits:

http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.00/

Thanks,
Sean