JDK-8255551 : Remove the directsign property and option
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 16
  • Submitted: 2020-10-28
  • Updated: 2020-10-30
  • Resolved: 2020-10-30
Description
Summary
-------

Remove the newly added `directsign` JarSigner property and jarsigner option introduced in JDK-8245274.

Problem
-------

The new property/option is not easy to understand. It involves the internals of PKCS #7 and should not be exposed to a JarSigner user.

It's not always precise. When the `altsign` option is specified, it is useless.

Finally, and most importantly, the newly published [RFC 8933][1] recommends that the originator (here, the signer) include the CMSAlgorithmProtection attribute [RFC6211] in signed attributes for security reasons. This means we'd better not sign directly anymore.

Solution
--------

Remove the property and the option.

When the `altsign` property/option is specified to use an alternative signing mechanism (Note: this feature was already deprecated for removal), no signedAttrs is generated, which means a direct sign. Otherwise, a signedAttrs is generated that contains the CMSAlgorithmProtection attribute recommended in RFC 8933, which means an indirect sign. The behavior is no longer customizable.
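The two outcomes described above can be told apart by inspecting the DER-encoded PKCS #7 signature block of a signed JAR. The following is an added example, not part of this CSR or of the JDK sources: it reports `direct` when a SignerInfo has no signedAttrs and `indirect` when signedAttrs carries CMSAlgorithmProtection, and goes one step further by flagging signedAttrs that lack the attribute. All function names are assumptions, and `sample` builds a constructed skeleton with placeholder algorithms and no real signature.

```python
# Added example; helper names and the sample are assumptions, not JDK code.
CMS_ALG_PROTECTION = bytes.fromhex("2a864886f70d010934")  # OID 1.2.840.113549.1.9.52
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")         # OID 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length (not DER)")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def classify_signer(signer):
    """'direct' if signedAttrs ([0] IMPLICIT, 4th field) is absent, else 'indirect*'."""
    attrs = [body for tag, body in children(signer)[3:4] if tag == 0xA0]
    if not attrs:
        return "direct"
    oids = [children(attr)[0][1] for _, attr in children(attrs[0])]
    return "indirect" if CMS_ALG_PROTECTION in oids else "indirect-no-protection"

def classify_signers(pkcs7_der):
    """Classify every SignerInfo in a DER ContentInfo that wraps SignedData."""
    _, content_info, _ = read_tlv(pkcs7_der)
    (_, ctype), (_, wrapped) = children(content_info)[:2]
    if ctype != SIGNED_DATA:
        raise ValueError("not a SignedData ContentInfo")
    signer_infos = children(read_tlv(wrapped)[1])[-1][1]  # SET OF SignerInfo is last
    return [classify_signer(s) for _, s in children(signer_infos)]

def tlv(tag, *parts):  # short-form DER encoder, enough for the constructed sample
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

def sample(signed_attrs=b""):
    """Constructed SignedData skeleton: placeholder algorithms, no real signature."""
    alg = tlv(0x30, tlv(0x06, b"\x2a\x03"))
    signer = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x30), alg, signed_attrs, alg, tlv(0x04))
    sd = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x31, alg), alg, tlv(0x31, signer))
    return tlv(0x30, tlv(0x06, SIGNED_DATA), tlv(0xA0, sd))
```

To check a real JAR, pass the bytes of its `META-INF/*.RSA`, `.DSA` or `.EC` entry to `classify_signers`.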

Specification
-------------

1. Remove the description for the "directsign" property in the method spec of `jdk.security.jarsigner.JarSigner$Builder::setProperty`.

2. Remove the paragraph for the `directsign` option in the man page source file jarsigner.md.

3. Remove the `directsign` option line in the `jarsigner --help` output.

  [1]: https://tools.ietf.org/html/rfc8933
Comments
Moving to Approved.
30-10-2020