JDK-6753664 : Support SHA256 (and higher) in SunMSCAPI
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 6,6u19
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp,windows_vista
  • CPU: x86
  • Submitted: 2008-09-29
  • Updated: 2011-05-25
  • Resolved: 2010-01-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u18 b05Fixed 7Fixed
Related Reports
Duplicate :  
Description
A DESCRIPTION OF THE REQUEST :
In the SunMSCAPI-Provider only these signature algorithms are implemented now:
SHA1withRSA
MD5withRSA
MD2withRSA

  To create secure digital signatures we need at least:
SHA256withRSA.

New alogithms should be implemented easily, because MSCAPI already supports them. But they are not registered in the provider an cannot be added at runtime.

JUSTIFICATION :
Currently (2008), the existing algorithms are not sufficient anymore.
German law enforces higher security for all new digital signatures. I expect similar laws in other countries.

Enlish Info: http://www.bundesnetzagentur.de (English) -> Areas -> Electronic Signature -> Publications and Notifications -> Suitable Algorithms

German Info: http://www.bundesnetzagentur.de -> Sachgebiete -> Qualifizierte Elektronische Signatur ->Ver��ffentlichungen -> Geeignete Algorithmen


CUSTOMER SUBMITTED WORKAROUND :
The only workaround would be to recompile sunmscapi.jar from the sources.
(As suggested in RFE 6578658)

Comments
EVALUATION Add support for SHA-2 stronger hash algorithms.
22-10-2009