JDK-8130132

jarsigner should emit warning if weak algorithms or keysizes are used


    • b96
    • Verified

        The jarsigner tool should warn the user if a weak cryptographic algorithm is used, such as MD2 or MD5, or a weak keysize, such as RSA/DSA keys less than 1024 bits. This should apply to the key and certificate, and the digest and signature algorithms used to sign the JAR. We should still allow the JAR to be signed, but a warning indicating the risks of using a weak algorithm should be emitted.

        Rather than hard-coding the algorithms, one way to implement this is to read the value of the jdk.certpath.disabledAlgorithms security property. Although this property is intended to only apply to certificates, the same restrictions are generally applicable to the algorithms used to sign code.
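
A sketch of the check proposed above, as an added example that is not the JDK's implementation or code from this issue: it reads jdk.certpath.disabledAlgorithms and returns warnings instead of refusing to sign. The class and method names are hypothetical, the fallback policy string is constructed, and only bare algorithm names and single `keySize` constraints are interpreted; every other entry form is skipped.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class WeakAlgWarnings {
    // Constructed fallback in the property's syntax, used only if the property is unset.
    static final String SAMPLE = "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024";

    /** Returns one warning per matched restriction; never throws, so signing can proceed. */
    static List<String> check(String policy, String sigAlg, String keyAlg, int keyBits) {
        List<String> warnings = new ArrayList<>();
        // Decompose e.g. "MD5withRSA" into its components "MD5" and "RSA".
        String[] parts = sigAlg.toUpperCase(Locale.ROOT).split("WITH|AND");
        for (String entry : policy.split(",")) {
            String[] tok = entry.trim().split("\\s+");
            if (tok[0].isEmpty()) continue;
            if (tok.length == 1) {                       // bare name, e.g. "MD5"
                for (String p : parts)
                    if (p.equalsIgnoreCase(tok[0]))
                        warnings.add("signature algorithm " + sigAlg
                                + " uses disabled algorithm " + tok[0]);
            } else if (tok.length == 4 && tok[1].equalsIgnoreCase("keySize")
                    && tok[0].equalsIgnoreCase(keyAlg)   // e.g. "RSA keySize < 1024"
                    && matches(keyBits, tok[2], Integer.parseInt(tok[3]))) {
                warnings.add(keyAlg + " key of " + keyBits
                        + " bits is restricted by '" + entry.trim() + "'");
            }
        }
        return warnings;
    }

    // True when the key size satisfies the constraint, i.e. the key is considered weak.
    static boolean matches(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            case "==": return bits == limit;
            case "!=": return bits != limit;
            default:   return false;                     // unknown operator: skip
        }
    }

    public static void main(String[] args) {
        String policy = Security.getProperty("jdk.certpath.disabledAlgorithms");
        if (policy == null) policy = SAMPLE;
        for (String w : check(policy, "MD5withRSA", "RSA", 512))
            System.out.println("Warning: " + w);         // warn only, do not abort
    }
}
```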

              weijun Weijun Wang
              mullan Sean Mullan