JDK-8172366 : Support SHA-3 based signatures
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2017-01-06
  • Updated: 2020-09-21
  • Resolved: 2020-09-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16
16 b16Fixed
Related Reports
CSR :  
Relates :  
Relates :  
Sub Tasks
JDK-8253201 :  
Enhance default JDK providers with SHA-3 based signatures such as DSA, RSA, and ECDSA algorithms with SHA-3 family of digests.
Changeset: 40206822 Author: Valerie Peng <valeriep@openjdk.org> Date: 2020-09-15 20:28:48 +0000 URL: https://git.openjdk.java.net/jdk/commit/40206822

It seems that MS CNG does not have SHA3 support. So, no changes to SunMSCAPI provider. SunPKCS11 provider will be updated separately under a separate RFE https://bugs.openjdk.java.net/browse/JDK-8242332

Current list of covered signature algorithms under this RFE: SUN provider: 1) add impl for [SHA384/SHA512]withDSA signature, 2) add impl for [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withDSA signature, and 3) the corresponding [MD]withDSAinP1363Format for the above 6 signature algorithms. SunRsaSign provider: 1) add impl for [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withRSA signatures, and 2) enhanced RSASSA-PSS signature impl to accept PSS parameters using SHA3 digests SunEC provider: 1) add impl for [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withECDSA, and 2) the corresponding [MD]withECDSAinP1363Format for these 4 signature algorithms.

NIST defined SHA3 relevant algorithm oids here: https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration