JDK-8205446 : Add RSASSA-PSS Signature support to SunMSCAPI
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P2
  • Status: Closed
  • Resolution: Approved
  • Submitted: 2018-06-20
  • Updated: 2018-06-21
  • Resolved: 2018-06-21
Related Reports
CSR :  
JDK-8205445 - Add RSASSA-PSS Signature support to SunMSCAPI
Description
Summary
-------

Add RSASSA-PSS Signature support to SunMSCAPI, so that a private key generated and stored inside a native Windows keystore can be used to sign and verify using this algorithm. The algorithm is defined in PKCS#1 "RSA Cryptography Specifications" version 2.2 (RFC 8017).

Problem
-------

The SunMSCAPI security provider does not support the  RSASSA-PSS signature algorithm, which is mandatory for TLS 1.3. SunMSCAPI is the only security provider that can access a private key stored in a native Windows keystore.

Solution
--------

Add an RSASSA-PSS Signature implementation to the SunMSCAPI provider.

Specification
-------------

In the SunMSCAPI section of https://docs.oracle.com/javase/10/security/oracle-providers.htm, add "RSASSA-PSS" into the Signature row.
Comments
Moving to Approved.
21-06-2018