JDK-8130132

jarsigner should emit warning if weak algorithms or keysizes are used

Details

    • b96
    • Verified

      Description

        The jarsigner tool should warn the user if a weak cryptographic algorithm is used, such as MD2 or MD5, or a weak keysize, such as RSA/DSA keys less than 1024 bits. This should apply to the key and certificate, and the digest and signature algorithms used to sign the JAR. We should still allow the JAR to be signed, but a warning indicating the risks of using a weak algorithm should be emitted.

        Rather than hard-coding the algorithms, one way to implement this is to read the value of the jdk.certpath.disabledAlgorithms property. Although this property is intended to only apply to certificates, the same restrictions are generally applicable to the algorithms used to sign code.
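
A sketch of the property-driven check described above, as an added example that is not the JDK's or jarsigner's own code. The class `WeakAlgCheck`, its methods, the sample property value and the inputs in `main` are assumptions made for illustration; only bare algorithm names and `keySize` entries are interpreted.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class WeakAlgCheck {
    // Constructed sample value, used when the runtime leaves the property unset.
    static final String SAMPLE = "MD2, MD5, RSA keySize < 1024, DSA keySize < 1024";

    // Warnings for one algorithm name; keyBits is -1 when no key size applies.
    static List<String> check(String property, String alg, int keyBits) {
        List<String> warnings = new ArrayList<>();
        for (String entry : property.split(",")) {
            String[] tok = entry.trim().split("\\s+");
            if (tok.length == 1 && !tok[0].isEmpty()) {
                // Bare name: match the algorithm or one component of a composite name (MD5withRSA).
                for (String part : alg.split("(?i)with|and|/")) {
                    if (part.equalsIgnoreCase(tok[0])) warnings.add(alg + " uses disabled algorithm " + tok[0]);
                }
            } else if (tok.length == 4 && tok[1].equalsIgnoreCase("keySize")
                    && tok[0].equalsIgnoreCase(alg) && keyBits >= 0
                    && violates(keyBits, tok[2], Integer.parseInt(tok[3]))) {
                warnings.add(alg + " key of " + keyBits + " bits matches \"" + entry.trim() + "\"");
            } // Entries carrying any other constraint type are skipped in this sketch.
        }
        return warnings;
    }

    static boolean violates(int bits, String op, int limit) {
        switch (op) {
            case "<":  return bits < limit;
            case "<=": return bits <= limit;
            case "==": return bits == limit;
            case "!=": return bits != limit;
            case ">":  return bits > limit;
            case ">=": return bits >= limit;
            default:   return false;
        }
    }

    public static void main(String[] args) {
        String prop = Security.getProperty("jdk.certpath.disabledAlgorithms");
        if (prop == null) prop = SAMPLE;
        // Constructed inputs: digest, signature algorithm and key of a hypothetical signer.
        System.out.println(check(prop, "MD5", -1));
        System.out.println(check(prop, "MD5withRSA", -1));
        System.out.println(check(prop, "RSA", 512));
        System.out.println(check(prop, "SHA256withRSA", -1));
    }
}
```

Signing would proceed regardless of the result; a non-empty list only triggers the warning.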

              People

                weijun Weijun Wang
                mullan Sean Mullan