Bug ID: JDK-4524097 2048 bit keylength restriction for RSA keys should be removed

JDK-4524097 : 2048 bit keylength restriction for RSA keys should be removed

Type: Enhancement
Component: security-libs
Sub-Component: java.security
Affected Version: 1.4.0,1.4.1,5.0

Priority: P4
Status: Closed
Resolution: Duplicate
OS: generic,solaris_8
CPU: generic,sparc

Submitted: 2001-11-07
Updated: 2003-07-11
Resolved: 2003-07-11

Related Reports

Duplicate :	JDK-4699284 - Current JSSE does not support CA certificates with RSA keys of 4096 bits
Duplicate :	JDK-4788080 - SunRsaSign cannot handle keys greater than 2048 bits.
Relates :	JDK-4522417 - InvalidKeySpecException when parsing certificate
Relates :	JDK-6322976 - Michelin_PKI_CA Certificate can not be parsed in 1.4.2, works with 5.0

Description

The JSafe RSA implementation we are currently using in both the SunRsaSign and the SunJSSE provider enforces a maximum length of 2048 bit for RSA keys. Keys of longer length cannot be parsed and signatures generated with such keys cannot be verified.

We should see if this restriction can be lifted in a future release. See bug 4522417 for a real world certificate that includes a much longer key (16384 bit).

Comments

EVALUATION ###@###.### 2002-09-04 Yes, we should look into this. --- We will try to address this in Tiger. ###@###.### 2002-12-04

04-09-2002