Bug ID: JDK-8057810 New defaults for DSA keys in jarsigner and keytool

JDK-8057810 : New defaults for DSA keys in jarsigner and keytool

Type: Enhancement
Component: security-libs

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2014-09-08
Updated: 2018-02-08
Resolved: 2014-11-05

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7	JDK 8	JDK 9	Other
6u171Fixed	7u161Fixed	8u151Fixed	9 b39Fixed	openjdk7uFixed

Related Reports

Duplicate :	JDK-8015258 - Use stronger default algorithm for DSA in keytool and jarsigner
Relates :	JDK-8015328 - Generate 2048 bit RSA and DSA keys by default

Sub Tasks

JDK-8058521 :	tooldoc change for JDK-8057810 - Resolved
JDK-8184341 :	Release Note: New defaults for DSA keys in jarsigner and keytool - Closed
JDK-8186054 :	Release Note: New defaults for DSA keys in keytool - Closed

Description

Now that we have added support for the SHA256withDSA algorithm and 2048-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys.

Comments

sigalg for DSA changed again later. Release note is combined into JDK-8157389.
12-08-2017
Suggested release note: The default signature algorithms for DSA keys used in keytool and jarsigner are updated to SHA256withDSA. The key size for DSA keys used in keytool is updated to 2048 bits.
13-11-2014
Good point. Let me open another issue to add that as a requirement for JDK 9.
11-09-2014
I thought SHA256withDSA was not made default in jdk8 because it was not a Java SE requirement. Will it be for jdk9?
11-09-2014