I'm missing the motivation behind this question. Is the current set of
aliases causing some problem? Are they incomplete? Why is it bad that
"X9.62 prime256v1" works but "prime256v1" doesn't?
On 11/7/2018 10:05 PM, Weijun Wang wrote:
In CurveDB.java, we have
add("secp256r1 [NIST P-256, X9.62 prime256v1]", "1.2.840.10045.3.1.7", PD,
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
1, nameSplitPattern);
So the aliases of secp256r1 are now "NIST P-256" and "X9.62 prime256v1". Do we
really want to keep the organization name prefix after JDK-8208156? The alias can be used in
ECGenParameterSpec and the proposed keytool -groupname option.
The following shows this behavior.
jshell> KeyPairGenerator.getInstance("EC")
$3 ==> java.security.KeyPairGenerator$Delegate@64bfbc86
jshell> $3.initialize(new ECGenParameterSpec("secp256r1"))
jshell> $3.initialize(new ECGenParameterSpec("prime256v1"))
| Exception java.security.InvalidAlgorithmParameterException: Unknown curve name: prime256v1
| at ECKeyPairGenerator.initialize (ECKeyPairGenerator.java:103)
| at KeyPairGenerator$Delegate.initialize (KeyPairGenerator.java:699)
| at KeyPairGenerator.initialize (KeyPairGenerator.java:436)
| at (#6:1)
jshell> $3.initialize(new ECGenParameterSpec("X9.62 prime256v1"))
Thanks
Max
On Nov 7, 2018, at 11:48 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
CSR updated. With such a generalized option, I won't recommend -groupname over
-keysize now, although I still intend to print some warning for EC.
Please review.
Thanks
Max