JDK-8015328 : Generate 2048 bit RSA and DSA keys by default
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2013-05-23
  • Updated: 2015-10-13
  • Resolved: 2015-10-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Related Reports
Duplicate :  
Relates :  
Relates :  
Per NIST SP 800-57 recommendation [1], RSA/DSA keys less than 1024 bits is only allowed for legacy use since 2014, and deprecated since 2011.  The RSA key pair generation is till using 1024 bits as the default key size:

    public RSAKeyPairGenerator() {
        // initialize to default in case the app does not call initialize()
        initialize(1024, null);

We may also need to check the code for DSA and DH.

We may want to make an improvement to use 2048 bits keys by default in JDK 8.

[1] http://sim.ivi.co/2012/04/nist-security-strength-time-frames.html
[Sean Mullan] I think this is a good idea and we should increase it to 2048. This change does seem to be acceptable since it is provider-specific as defined by the KeyPairGenerator API, but we should file a CCC since it is a behavior change.