Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 18
Affects Version/s: 18
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b25

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8294105	17.0.6	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8292793	17.0.5-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b07
JDK-8293909	17.0.5	Goetz Lindenmaier	P3	Resolved	Fixed	b06
JDK-8294106	11.0.18	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8292927	11.0.17-oracle	Prasadarao Koppula	P3	Resolved	Fixed	b09
JDK-8294010	11.0.17	Goetz Lindenmaier	P3	Resolved	Fixed	b06
JDK-8300552	openjdk8u372	Alexey Bakhtin	P3	Resolved	Fixed	b01
JDK-8297922	openjdk8u362	Alexey Bakhtin	P3	Resolved	Fixed	b06
JDK-8292798	8u351	Prasadarao Koppula	P3	Resolved	Fixed	b08

For example, this is a JAR signed with a 1024-bit key:

jarsigner -signedjar signeda.jar -sigalg SHA256withRSA a.jar e1
jar signed.

Warning:
The SHA-256 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
The SHA256withRSA algorithm specified for the -sigalg option is considered a security risk. This algorithm will be disabled in a future update.
The RSA signing key has a keysize of 1024 which is considered a security risk. This key size will be disabled in a future update.
The signer certificate will expire within six months.
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2022-01-23).

backported by

JDK-8292793 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8292798 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8292927 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8293909 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8294010 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8294105 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8294106 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8297922 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

JDK-8300552 jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled

Resolved

blocks

JDK-8273236 keytool does not accurately warn about algorithms that are disabled but have additional constraints

Resolved

relates to

JDK-8277474 jarsigner does not check if algorithm parameters are disabled

Closed

JDK-8269039 Disable SHA-1 Signed JARs

Closed

links to

Commit openjdk/jdk8u/53620b38

Commit openjdk/jdk11u/e9ba9159

Commit openjdk/jdk17u/6bc6980a

Commit openjdk/jdk/03f8c0fb

Review openjdk/jdk8u-dev/197

Review openjdk/jdk8u/24

Review openjdk/jdk11u/56

Review openjdk/jdk17u/354

Review openjdk/jdk/6296

(4 backported by, 1 blocks, 2 relates to, 9 links to)

Assignee:: Sean Mullan

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2021-10-25 14:01

Updated:: 2023-01-18 07:48

Resolved:: 2021-11-19 06:37

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates