JDK-8242812 : Default signature algorithm for an RSASSA-PSS key
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 15
  • Submitted: 2020-04-15
  • Updated: 2020-04-20
  • Resolved: 2020-04-20
Description
Summary
-------

Define the default signature algorithm of an RSASSA-PSS key for keytool and jarsigner.

Problem
-------

Both keytool and jarsigner fall back to a default signature algorithm when no `-sigalg` is specified, for example SHA256withRSA for an RSA key. A default needs to be defined for an RSASSA-PSS key as well.

Currently, an error occurs if `-sigalg` is not provided for such a key:

    $ keytool -genkeypair -keyalg rsassa-pss -storepass changeit -dname CN=A
    keytool error: java.lang.IllegalArgumentException: Cannot derive signature algorithm from RSASSA-PSS

Solution
--------

The default signature algorithm for an RSASSA-PSS key is RSASSA-PSS.
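
As an added example (not part of this CSR or of the JDK sources), the following shell check reads `keytool -list -v` output and reports, per certificate, whether the signature algorithm is the documented default for its key, including the RSASSA-PSS default defined here. The function names are hypothetical, the sample listing is constructed and trimmed, and the parser assumes the `Alias name:`, `Signature algorithm name:` and `Subject Public Key Algorithm:` line labels.

```shell
# Added example: function names and the sample listing are hypothetical.
# expected_sigalg KEYALG KEYSIZE: default sigalg per the table in this CSR.
expected_sigalg() {
    case "$1" in
        DSA)        echo SHA256withDSA ;;
        RSASSA-PSS) echo RSASSA-PSS ;;          # row added by this CSR
        RSA)
            if   [ "$2" -le 3072 ]; then echo SHA256withRSA
            elif [ "$2" -le 7680 ]; then echo SHA384withRSA
            else                         echo SHA512withRSA; fi ;;
        EC)     # sizes of 512 and above are treated as the "= 512" row (assumption)
            if   [ "$2" -lt 384 ]; then echo SHA256withECDSA
            elif [ "$2" -lt 512 ]; then echo SHA384withECDSA
            else                        echo SHA512withECDSA; fi ;;
        *) return 1 ;;
    esac
}

# audit_sigalg: read `keytool -list -v` text on stdin and print, per certificate,
# alias, key type/size, the signature algorithm used, and whether it is the default.
audit_sigalg() {
    awk '
        /^Alias name: /                   { alias = $3 }
        /^Signature algorithm name: /     { sig = $4 }
        /^Subject Public Key Algorithm: / { size = $5; sub(/-bit$/, "", size)
                                            print alias, $6, size, sig }
    ' | while read -r alias keyalg size sig; do
        want=$(expected_sigalg "$keyalg" "$size") || want=unknown
        if [ "$sig" = "$want" ]; then status=default; else status=non-default; fi
        echo "$alias $keyalg/$size $sig $status (table default: $want)"
    done
}

# Constructed sample, trimmed to the three fields the parser reads.
sample_listing() {
    cat <<'EOF'
Alias name: web
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Alias name: pss
Signature algorithm name: RSASSA-PSS
Subject Public Key Algorithm: 3072-bit RSASSA-PSS key
Alias name: old
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 4096-bit RSA key
EOF
}
sample_listing | audit_sigalg
```

Against a real keystore, pipe `keytool -list -v -keystore <file>` into `audit_sigalg`; entries reported as `non-default` were signed with an explicit `-sigalg` or by a tool version with different defaults.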

Specification
-------------

    diff --git a/closed/src/java.base/share/man/keytool.md b/closed/src/java.base/share/man/keytool.md
    --- a/closed/src/java.base/share/man/keytool.md
    +++ b/closed/src/java.base/share/man/keytool.md
    @@ -1241,16 +1241,17 @@
     algorithm (`-sigalg` option) is derived from the algorithm of the underlying
     private key to provide an appropriate level of security strength as follows:
     
    -keyalg   keysize   default sigalg
    --------  --------  --------------
    -DSA      any size  SHA256withDSA
    -RSA      \<= 3072  SHA256withRSA
    -         \<= 7680  SHA384withRSA
    -         \> 7680   SHA512withRSA
    -EC       \< 384    SHA256withECDSA
    -         \< 512    SHA384withECDSA
    -         = 512     SHA512withECDSA
    --------  --------  --------------
    +keyalg      keysize   default sigalg
    +----------  --------  --------------
    +DSA         any size  SHA256withDSA
    +RSA         \<= 3072  SHA256withRSA
    +            \<= 7680  SHA384withRSA
    +            \> 7680   SHA512withRSA
    +EC          \< 384    SHA256withECDSA
    +            \< 512    SHA384withECDSA
    +            = 512     SHA512withECDSA
    +RSASSA-PSS  any size  RSASSA-PSS
    +----------  --------  --------------
     
     **Note:**
     
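Review bot: the new `RSASSA-PSS  any size  RSASSA-PSS` row in keytool.md is the only entry whose default sigalg names no digest, yet the paragraph above the table says the default is derived "to provide an appropriate level of security strength". Please state next to the table, or in the **Note:** that follows it, how the PSS parameters (message digest, mask generation function, salt length) are chosen for such a key, because the algorithm name alone does not tell the reader what strength the signature has.
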
    diff --git a/closed/src/jdk.jartool/share/man/jarsigner.md b/closed/src/jdk.jartool/share/man/jarsigner.md
    --- a/closed/src/jdk.jartool/share/man/jarsigner.md
    +++ b/closed/src/jdk.jartool/share/man/jarsigner.md
    @@ -226,16 +226,17 @@
     By default, the `jarsigner` command signs a JAR file using one of the following
     algorithms files depending on the type and size of the private key:
     
    -keyalg   keysize   default sigalg
    --------  --------  --------------
    -DSA      any size  SHA256withDSA
    -RSA      \<= 3072  SHA256withRSA
    -         \<= 7680  SHA384withRSA
    -         \> 7680   SHA512withRSA
    -EC       \< 384    SHA256withECDSA
    -         \< 512    SHA384withECDSA
    -         = 512     SHA512withECDSA
    --------  --------  --------------
    +keyalg      keysize   default sigalg
    +----------  --------  --------------
    +DSA         any size  SHA256withDSA
    +RSA         \<= 3072  SHA256withRSA
    +            \<= 7680  SHA384withRSA
    +            \> 7680   SHA512withRSA
    +EC          \< 384    SHA256withECDSA
    +            \< 512    SHA384withECDSA
    +            = 512     SHA512withECDSA
    +RSASSA-PSS  any size  RSASSA-PSS
    +----------  --------  --------------
     
     These default signature algorithms can be overridden by using the `-sigalg`
     option.
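
Review bot: the unchanged lead-in of the jarsigner.md table still reads "one of the following algorithms files", which looks like a leftover word; since the table directly under it is being reflowed, correct it to "one of the following algorithms" in the same change. The closing sentence says the defaults "can be overridden by using the `-sigalg` option", so for the new RSASSA-PSS row it would also help to say which `-sigalg` values are accepted with such a key.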


Comments
Moving retroactive CSR to Approved.
20-04-2020

This is a remedy CSR for the code change made in https://hg.openjdk.java.net/jdk/jdk/diff/7b8acad7456c/src/java.base/share/classes/sun/security/x509/AlgorithmId.java.
15-04-2020