On Wed, 14 Oct 2020 03:51:23 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Major points in CSR at https://bugs.openjdk.java.net/browse/JDK-8245274:
>> 
>> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
>> 
>> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature algorithms
>> 
>> - A new JarSigner property "directsign"
>> 
>> - Updating the jarsigner tool doc
>> 
>> Major code changes:
>> 
>> - Always use the signature algorithm directly as SignerInfo::signatureAlgorithm. We used to use the encryption algorithm there like RSA, DSA, and EC. Now it's always SHA1withRSA or RSASSA-PSS.
>> 
>> - Move signature-related utility methods from AlgorithmId.java to SignatureUtil.java
>> 
>> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
>> 
>> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
>> 
>> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
>> 
>> - Mark all -altsign related code deprecated and they can be removed once ContentSigner is removed
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   signing time, jarsigner -directsign, and digest algorithm check

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 210:

> 208:                         new DerValue((byte) 2, new byte[]{2, 0})); // int 512
> 209:             } catch (IOException | NoSuchAlgorithmException e) {
> 210:                 throw new AssertionError("Shoudl not happen", e);

Shoudl => Should

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 215:

> 213:     }
> 214:     /**
> 215:      * Determines the digestEncryptionAlgorithmId in PKCS& SignerInfo.

&=>7

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 217:

> 215:      * Determines the digestEncryptionAlgorithmId in PKCS& SignerInfo.
> 216:      *
> 217:      * @param signer Signature object that tells you RSASA-PSS params

RSASA=>RSASSA

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 221:

> 219:      * @param privateKey key tells you EdDSA params
> 220:      * @param directsign Ed448 uses different digest algs depending on this
> 221:      * @return the digest alg

alg => algid

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 218:

> 216:      *
> 217:      * @param signer Signature object that tells you RSASA-PSS params
> 218:      * @param sigalg Signature algorithm tells you who with who

who with who?

-------------

PR: https://git.openjdk.java.net/jdk/pull/322
