JDK-8057810 : New defaults for DSA keys in jarsigner and keytool
  • Type: Enhancement
  • Component: security-libs
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2014-09-08
  • Updated: 2018-02-08
  • Resolved: 2014-11-05
Fix versions:
  • JDK 6: 6u171 (Fixed)
  • JDK 7: 7u161 (Fixed)
  • JDK 8: 8u151 (Fixed)
  • JDK 9: 9 b39 (Fixed)
  • Other: openjdk7u (Fixed)
Sub Tasks:
  • JDK-8058521
  • JDK-8184341
  • JDK-8186054
Now that we have added support for the SHA256withDSA algorithm and 2048-bit DSA keys in JDK 8, we should change jarsigner and keytool to make this the default sigalg/keysize for DSA keys.
sigalg for DSA changed again later. Release note is combined into JDK-8157389.

Suggested release note: The default signature algorithms for DSA keys used in keytool and jarsigner are updated to SHA256withDSA. The key size for DSA keys used in keytool is updated to 2048 bits.

Good point. Let me open another issue to add that as a requirement for JDK 9.

I thought SHA256withDSA was not made default in jdk8 because it was not a Java SE requirement. Will it be for jdk9?