Bug ID: JDK-8042967 Add variant of DSA Signature algorithms that do not ASN.1 encode the signature bytes

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 9
9 b52Fixed

The *withDSA Signature implementations generate the signature bytes as an ASN.1 DER-encoded sequence of r and s (this is what Signature.sign() returns and Signature.verify() accepts). This is in contrast to other standards such as XML Signature and implementations such as JSS and MSCrypto that do not DER encode the bytes.

When writing code that interoperates with those other systems or implementations, developers have commonly resorted to using the unsupported, internal sun.security.util APIs, using 3rd-party libraries that support an ASN.1 API, or writing the code themselves to convert the signature into an acceptable form.

Thus, it would be useful to add a variant of DSA Signature algorithms that do not ASN.1 encode the signature bytes. This could be accomplished by adding an AlgorithmParameterSpec subclass to indicate this, and calling the existing Signature.setParameter() method before signing or verifying.

Duplicate :	JDK-6971317 - Add new DSA/ECDSA algorithms that use IEEE P1363 format
Relates :	JDK-8062515 - Migrate use of sun.security.** to supported API
Relates :	JDK-8073261 - Add new P1363 Format Signature algorithms to security guides