Bug ID: JDK-8015258 Use stronger default algorithm for DSA in keytool and jarsigner

Oracle Technology Network
Java
Java SE
Community
Bug Database

JDK-8015258 : Use stronger default algorithm for DSA in keytool and jarsigner

Type: Enhancement
Component: security-libs
Sub-Component: java.security

Priority: P3
Status: Closed
Resolution: Duplicate

Submitted: 2013-05-23
Updated: 2017-05-19
Resolved: 2014-12-02

Related Reports

Duplicate :	JDK-8057810 - New defaults for DSA keys in jarsigner and keytool
Relates :	JDK-8015328 - Generate 2048 bit RSA and DSA keys by default
Relates :	JDK-7193096 - keytool issue: not able to specify the provider for key generation

Description

According to NIST Recommendations (2012) [1] [2], algorithms weaker than SHA256 or DSA with 2048 bits of key length are disallowed after 2013. The default options of DSA should be

  keysize: 2048
  sigalg: SHA256withDSA

[1] http://www.keylength.com/en/4/
[2] http://sim.ivi.co/2012/04/nist-security-strength-time-frames.html

Comments

I thought we had a bug for this already, but I can't find it.

30-05-2013