JDK-8255132 : Release Note: Signed JAR Support for RSASSA-PSS and EdDSA
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 16
  • Priority: P3
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-10-21
  • Updated: 2021-12-02
  • Resolved: 2021-12-02
JDK 16: 16 (Resolved)
Description
This enhancement includes two main changes:

1. The JarSigner API and the `jarsigner` tool now support signing a JAR file with an RSASSA-PSS or EdDSA key.

2. Instead of signing the `.SF` file directly, `jarsigner` creates a [SignerInfo signedAttributes field](https://tools.ietf.org/html/rfc5652#section-11) which contains ContentType, MessageDigest, SigningTime, and [CMSAlgorithmProtection](https://tools.ietf.org/html/rfc6211). The field will not be generated if an alternative signing mechanism is specified by the `jarsigner` `-altsigner` option. Please note that although this field was not generated by `jarsigner` before this code change, it has always been supported when parsing the signature. This means newly signed JAR files with the field can be verified by earlier JDK releases.
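The first change, exercised through the `jdk.security.jarsigner.JarSigner` API and followed by a per-entry verification pass, as an added example that is not code from the JDK or from this release note. The keystore file `ks.p12`, its password `changeit`, the alias `signer`, the signer name and the JAR file names are placeholders assumed for illustration.

```java
// Added example. Assumes ks.p12 holds an Ed25519 key under alias "signer",
// e.g. created with: keytool -genkeypair -keyalg Ed25519 -alias signer ...
import jdk.security.jarsigner.JarSigner;

import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.zip.ZipFile;

public class SignWithEdDSA {
    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();                    // placeholder
        KeyStore ks = KeyStore.getInstance(new File("ks.p12"), pass);
        PrivateKey key = (PrivateKey) ks.getKey("signer", pass);
        CertPath chain = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(ks.getCertificateChain("signer")));

        // No signatureAlgorithm() call: the builder uses the default for the key type.
        JarSigner signer = new JarSigner.Builder(key, chain).signerName("SIGNER").build();
        System.out.println("Signature algorithm: " + signer.getSignatureAlgorithm());
        try (ZipFile in = new ZipFile("app.jar");
             OutputStream out = new FileOutputStream("app-signed.jar")) {
            signer.sign(in, out);
        }

        // Verify: signers are only known once an entry has been read to the end.
        try (JarFile jar = new JarFile(new File("app-signed.jar"), true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                // Simplification: skip META-INF/ (manifest and signature files).
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream is = jar.getInputStream(e)) {
                    is.transferTo(OutputStream.nullOutputStream()); // SecurityException on digest mismatch
                }
                if (e.getCodeSigners() == null) {
                    throw new SecurityException("Unsigned entry: " + e.getName());
                }
            }
        }
        System.out.println("All entries verified.");
    }
}
```

The verification loop rejects a JAR in which any payload entry lacks a signer, which catches entries appended after signing.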