JDK-8243558 : JDK Provider Guide should document that DSA signature generation is now subject to a key strength check
- Type: Bug
- Component: docs
- Sub-Component: guides
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- Submitted: 2020-04-24
- Updated: 2022-06-27
- Resolved: 2020-05-12
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 15 | JDK 8 |
|---|---|---|
| 11.0.9-oracleFixed | 15Fixed  |
8u261Fixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
Description
The contents of the release note (https://bugs.openjdk.java.net/browse/JDK-8149394) should be added to the Sun provider section of the JDK Providers Guide, probably as a note in the Signature/DSA row: "For signature generation, if the security strength of the digest algorithm is weaker than the security strength of the key used to sign the signature (e.g. using (2048, 256)-bit DSA keys with SHA1withDSA signature), the operation will fail with the error message: "The security strength of SHA1 digest algorithm is not sufficient for this key size." See https://www.oracle.com/technetwork/java/javase/8u91-relnotes-2949462.html