Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8205446

Add RSASSA-PSS Signature support to SunMSCAPI

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P2 P2
    • None
    • security-libs
    • None
    • behavioral
    • minimal
    • No risk. This is a new signature algorithm and no effect on existing functions and algorithms.
    • Other
    • Implementation

      Summary

      Add RSASSA-PSS Signature support to SunMSCAPI, so that a private key generated and stored inside a native Windows keystore can be used to sign and verify using this algorithm. The algorithm is defined in PKCS#1 "RSA Cryptography Specifications" version 2.2 (RFC 8017).

      Problem

      The SunMSCAPI security provider does not support the RSASSA-PSS signature algorithm, which is mandatory for TLS 1.3. SunMSCAPI is the only security provider that can access a private key stored in a native Windows keystore.

      Solution

      Add an RSASSA-PSS Signature implementation to the SunMSCAPI provider.

      Specification

      In the SunMSCAPI section of https://docs.oracle.com/javase/10/security/oracle-providers.htm, add "RSASSA-PSS" into the Signature row.

            weijun Weijun Wang
            weijun Weijun Wang
            Bradford Wetmore
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: