JDK-8319846 : Add a jarsigner option to provide CMS::SignerInfo::digestAlgorithm
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: jdk.security
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2023-11-09
  • Updated: 2025-02-10
Related Reports
Relates :  
JDK-8349732 - Add support for JARs signed with ML-DSA
Description
The digestAlgorithm is normally determined by the signatureAlgorithm. For example, https://www.rfc-editor.org/rfc/rfc8419.html#section-3 requires SHA-512 for Ed25519 and https://www.rfc-editor.org/rfc/rfc8708.html#name-signed-data-conventions requires the same hash algorithm used in HSS/LMS. However, if a new algorithm is provided by a 3rd-party security provider and JDK itself is not aware of, or an algorithm is very new and no RFC has been published on the determination of the digestAlgorithm field, jarsigner (as well as the JarSigner API) won't be able to sign a JAR file.

It will be nice if there is a new option to provide this algorithm. We also need to determine what shall we do if JDK can already find one. Should the value always be used? Or should it only be used as a fallback when JDK cannot find one? Please note that unmatched digestAlgorithm and signatureAlgorithm might lead to unexpected behaviors.
Comments
My current idea is that the value should not be used when JDK can find one. At least, this kind of signed JAR files are very likely to be rejected at verification. Old HashWithEnc algorithms will not be able to use the correct signature algorithm, and new algorithms will reject the mismatch. So it can only be useful to generate an invalid JAR file for testing usages. Even if we use it, we will need to print out a warning message. On the other hand, if we decide not to use it, a warning message should also be shown. We can either create a new option (Ex: `-sidigestalg`) or reuse the existing `-sigalg` option to provide both algorithms in a single value, say `-sigalg Dilithium2,SHA-256`. Please note that we have reserved the `:` sign to provide extra parameters to an algorithm, for example, `-digestalg SHAKE256-LEN:240`. Or we can use the modifier function of an option, for example, `-sigalg Dilithium2 -sigalg:digestAlg SHA-256`.
09-11-2023