JDK-8283475 : Release Note: Use larger default key sizes if not explicitly specified
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 19
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • OS: generic
  • CPU: generic
  • Submitted: 2022-03-21
  • Updated: 2022-06-16
  • Resolved: 2022-04-04
  • JDK 19: 19 (Resolved)
Description
JDK providers use provider-specific default values if the caller does not specify a key size when using a `KeyPairGenerator` or `KeyGenerator` object to generate a key pair or secret key. With this enhancement, the default key sizes for various crypto algorithms have been increased as follows:
- RSA, RSASSA-PSS, DH: from 2048 to 3072
- EC: from 256 to 384
- AES: from 128 to 256 (if permitted by crypto policy), falling back to 128 otherwise.

In addition, the `jarsigner` tool will now use SHA-384 instead of SHA-256 as the default digest algorithm. The default signature algorithm for the `jarsigner` tool has also been adjusted accordingly. SHA-384 is used instead of SHA-256 except for longer key sizes whose security strength matches SHA-512. Note that for DSA keys, `jarsigner` will continue using SHA256withDSA as the default signature algorithm. This ensures maximum interoperability with older JDK releases. For more details, please refer to the `keytool` and `jarsigner` documentation.
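
The following check of the key-size defaults listed above is an added example, not code from the JDK or its documentation: it generates keys without specifying a size, prints what the running JDK chose, then pins the sizes explicitly so the result does not depend on the release. The class name `DefaultKeySizes` and the helper `bits` are illustrative; it assumes the default JDK providers and JDK 11 or later (for `RSASSA-PSS`).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.interfaces.DHPublicKey;

public class DefaultKeySizes {
    // Key size in bits as the release note counts it: modulus, prime or field size.
    static int bits(PublicKey pub) {
        if (pub instanceof RSAPublicKey) {   // covers RSA and RSASSA-PSS
            return ((RSAPublicKey) pub).getModulus().bitLength();
        }
        if (pub instanceof DHPublicKey) {
            return ((DHPublicKey) pub).getParams().getP().bitLength();
        }
        if (pub instanceof ECPublicKey) {
            return ((ECPublicKey) pub).getParams().getCurve().getField().getFieldSize();
        }
        throw new IllegalArgumentException("unhandled algorithm: " + pub.getAlgorithm());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // No initialize() call: the provider's default key size applies.
        for (String alg : new String[] {"RSA", "RSASSA-PSS", "DH", "EC"}) {
            KeyPair kp = KeyPairGenerator.getInstance(alg).generateKeyPair();
            System.out.println(alg + " default: " + bits(kp.getPublic()) + " bits");
        }
        // The AES default depends on the crypto policy limit as well as the release.
        int aesDefault = KeyGenerator.getInstance("AES").generateKey().getEncoded().length * 8;
        System.out.println("AES default: " + aesDefault + " bits (policy max "
                + Cipher.getMaxAllowedKeyLength("AES") + ")");

        // Pinned sizes: the same on every release, whatever the default is.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(3072);
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(new ECGenParameterSpec("secp384r1"));
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256); // Cipher.init rejects this key if policy caps AES below 256
        System.out.println("RSA pinned: " + bits(rsa.generateKeyPair().getPublic()) + " bits");
        System.out.println("EC pinned: " + bits(ec.generateKeyPair().getPublic()) + " bits");
        System.out.println("AES pinned: " + aes.generateKey().getEncoded().length * 8 + " bits");
    }
}
```

On a release that includes this change the "default" lines should report the new values listed above, and on an earlier release the old ones; the "pinned" lines are the same on both.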