Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8228752

Define standard names for EC curves and TLS signature schemes

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 14
    • security-libs
    • None
    • minimal
    • Java API, System or security property

      Summary

      Define standard names for EC curves, TLS named groups and TLS signature schemes.

      Problem

      There are no standard names defined for these algorithms which are used in various APIs and system/security properties. Defining standard names will improve compatibility.

      Solution

      Add 2 new sub-sections to the "Additional JSSE Standard Names" section of the Java Security Standard Algorithm Names specification defining the standard names for TLS Named Groups and Signature Schemes. Also add a table for standard names for elliptic curves (used in the java.security.spec.ECGenParameterSpec API) to the "ParameterSpec Names" section.

      Specification

      See the specification (docs/specs/security/standard-names.html) in the attached "spec.zip" file. The new sections are:

      1. The "ParameterSpec Names" section starting with the text "The ECGenParameterSpec class in the java.security.spec package may be used to specify a set of elliptic curve parameters using the following names." The standard names are: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1.

      2. The "Signature Schemes" sub-section of "Additional JSSE Standard Names". The standard names are: ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ecdsa_sha1, ed25519, ed448, rsa_pkcs1_sha1, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512.

      3. The "Named Groups" sub-section of "Additional JSSE Standard Names". The standard names are: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, x25519, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192.

        1. spec.zip
          29 kB

            mullan Sean Mullan
            xuelei Xuelei Fan
            Xuelei Fan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: