United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6753664 Support SHA256 (and higher) in SunMSCAPI
JDK-6753664 : Support SHA256 (and higher) in SunMSCAPI

Details
Type:
Bug
Submit Date:
2008-09-29
Status:
Closed
Updated Date:
2011-05-25
Project Name:
JDK
Resolved Date:
2010-01-13
Component:
security-libs
OS:
windows_vista,windows_xp
Sub-Component:
javax.crypto
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
6,6u19
Fixed Versions:
6u18 (b05)

Related Reports
Backport:
Duplicate:

Sub Tasks

Description
A DESCRIPTION OF THE REQUEST :
In the SunMSCAPI-Provider only these signature algorithms are implemented now:
SHA1withRSA
MD5withRSA
MD2withRSA

  To create secure digital signatures we need at least:
SHA256withRSA.

New alogithms should be implemented easily, because MSCAPI already supports them. But they are not registered in the provider an cannot be added at runtime.

JUSTIFICATION :
Currently (2008), the existing algorithms are not sufficient anymore.
German law enforces higher security for all new digital signatures. I expect similar laws in other countries.

Enlish Info: http://www.bundesnetzagentur.de (English) -> Areas -> Electronic Signature -> Publications and Notifications -> Suitable Algorithms

German Info: http://www.bundesnetzagentur.de -> Sachgebiete -> Qualifizierte Elektronische Signatur ->Ver??ffentlichungen -> Geeignete Algorithmen


CUSTOMER SUBMITTED WORKAROUND :
The only workaround would be to recompile sunmscapi.jar from the sources.
(As suggested in RFE 6578658)

                                    

Comments
EVALUATION

Add support for SHA-2 stronger hash algorithms.
                                     
2009-10-22



Hardware and Software, Engineered to Work Together