I'm missing the motivation behind this question. Is the current set of aliases causing some problem? Are they incomplete? Why is it bad that "X9.62 prime256v1" works but "prime256v1" doesn't?

On 11/7/2018 10:05 PM, Weijun Wang wrote:
In CurveDB.java, we have

add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
     "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
     "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
     "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
     "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
     "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
     "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
     1, nameSplitPattern);

So the aliases of secp256r1 are now "NIST P-256" and "X9.62 prime256v1". Do we 
really want to keep the organization name prefix after JDK-8208156? The alias can be used in 
ECGenParameterSpec and the proposed keytool -groupname option.

The following shows this behavior.

jshell> KeyPairGenerator.getInstance("EC")
$3 ==> java.security.KeyPairGenerator$Delegate@64bfbc86

jshell> $3.initialize(new ECGenParameterSpec("secp256r1"))

jshell> $3.initialize(new ECGenParameterSpec("prime256v1"))
|  Exception java.security.InvalidAlgorithmParameterException: Unknown curve 
name: prime256v1
|        at ECKeyPairGenerator.initialize (ECKeyPairGenerator.java:103)
|        at KeyPairGenerator$Delegate.initialize (KeyPairGenerator.java:699)
|        at KeyPairGenerator.initialize (KeyPairGenerator.java:436)
|        at (#6:1)

jshell> $3.initialize(new ECGenParameterSpec("X9.62 prime256v1"))
Thanks
Max

On Nov 7, 2018, at 11:48 PM, Weijun Wang <weijun.w...@oracle.com> wrote:

CSR updated. With such a generalized option, I won't recommend -groupname over 
-keysize now, although I still intend to print some warning for EC.

Please take a review.

Thanks
Max


Reply via email to