-
Enhancement
-
Resolution: Fixed
-
P3
-
9
Default keysizes have been updated as part of JDK-8138653, so the security guides need to be updated:
1. http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html
Key Pair Generators
"For example, the Diffie-Hellman key pair generator supplied by the SunJCE provider uses a default prime modulus size (keysize) of 1024 bits."
s/1024/2048/
Algorithm Parameter Generators
"For example, the SunJCE provider uses a default prime modulus size (keysize) of 1024 bits for the generation of Diffie-Hellman parameters"
s/1024/2048
Default Initializations
"and the "SunJCE" provider uses a default modulus size (keysize) of 1024 bits for the generation of Diffie-Hellman parameters."
"For example, the DSA key pair generator in the Sun provider supplies a set of pre-computed p, q, and g default values for the generation of 512, 768, and 1024-bit key pairs."
s/and 1024-bit/1024, and 2048-bit/
2. http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
Keysize Restrictions
In the table for RSA for SunRsaSign provider, change the default (2nd column) from 1024 to 2048.
In both tables for Diffie-Hellman for SunJCE provider, change the default (2nd column) from 1024 to 2048.
In the table for RSA for SunMSCAPI provider, change the default (2nd column) from 1024 to 2048.
1. http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html
Key Pair Generators
"For example, the Diffie-Hellman key pair generator supplied by the SunJCE provider uses a default prime modulus size (keysize) of 1024 bits."
s/1024/2048/
Algorithm Parameter Generators
"For example, the SunJCE provider uses a default prime modulus size (keysize) of 1024 bits for the generation of Diffie-Hellman parameters"
s/1024/2048
Default Initializations
"and the "SunJCE" provider uses a default modulus size (keysize) of 1024 bits for the generation of Diffie-Hellman parameters."
"For example, the DSA key pair generator in the Sun provider supplies a set of pre-computed p, q, and g default values for the generation of 512, 768, and 1024-bit key pairs."
s/and 1024-bit/1024, and 2048-bit/
2. http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
Keysize Restrictions
In the table for RSA for SunRsaSign provider, change the default (2nd column) from 1024 to 2048.
In both tables for Diffie-Hellman for SunJCE provider, change the default (2nd column) from 1024 to 2048.
In the table for RSA for SunMSCAPI provider, change the default (2nd column) from 1024 to 2048.
- relates to
-
JDK-8138653 Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded
-
- Resolved
-