Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8230420

digestEncryptionAlgorithm in SignerInfo isn't using full signature algorithm for EC

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • P4
    • None
    • 7
    • security-libs
    • None

    Description

      Back in PKCS #7 1.5 (https://tools.ietf.org/html/rfc2315#section-9.2), this field contains a digestAlgorithm and a digestEncryptionAlgorithm, and we use SHA-1 and RSA.

      Then in CMS (https://tools.ietf.org/html/rfc2630#section-5.3), the 2nd field is renamed to signatureAlgorithm although https://tools.ietf.org/html/rfc2630#section-12.2.2 still claims RSA is a signature algorithm (Attention: not SHA1withRSA).

      Then in the ECC CMS (https://tools.ietf.org/html/rfc5753#section-2.1.1), “signatureAlgorithm contains the signature algorithm identifier (see Section 7.1.3): ecdsa-with-SHA1,…” (i.e. SHA1withECDSA). However, Java is still using only the key algorithm EC as digestEncryptionAlgorithm (we never renamed the field).

      Attachments

        Issue Links

          Activity

            People

              weijun Weijun Wang
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: