-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b14
Try disabling a curve by including its name inside the `jdk.disabled.namedCurves` security property and add `include jdk.disabled.namedCurves` in the `jdk.jar.disabledAlgorithms` security oroperty. The curve should be disabled.
If you sign a JAR file using such a key or verify a signed JAR signed with it, jarsigner will successfully point out the key is weak and the "signed" JAR is treated as unsigned. However, the warning messages do not explain why it's weak.
For the signing side, it shows
The EC signing key has a keysize of 256 which is considered a security risk and is disabled.
For the verification side (with -verbose) it shows
- Signed by "CN=a"
Digest algorithm: SHA-256
Signature algorithm: SHA256withECDSA, 256-bit key (disabled)
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=include jdk.disabled.namedCurves, MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
Here only the key algorithm and key size are displayed, but the reason why it's disabled -- the curve name -- is not there.
On the other hand, if we disable the curve in `jdk.certpath.disabledAlgorithms`, keytool is able to show
Subject Public Key Algorithm: 256-bit EC (secp256r1) key (weak)
Here it shows both the keysize and curve name.
BTW, adding `EC keysize < 300` can reach the same result, but in that case it's easier to understand why. Fortunately, we currently don't support multiple curves with the same keysize.
If you sign a JAR file using such a key or verify a signed JAR signed with it, jarsigner will successfully point out the key is weak and the "signed" JAR is treated as unsigned. However, the warning messages do not explain why it's weak.
For the signing side, it shows
The EC signing key has a keysize of 256 which is considered a security risk and is disabled.
For the verification side (with -verbose) it shows
- Signed by "CN=a"
Digest algorithm: SHA-256
Signature algorithm: SHA256withECDSA, 256-bit key (disabled)
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=include jdk.disabled.namedCurves, MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
Here only the key algorithm and key size are displayed, but the reason why it's disabled -- the curve name -- is not there.
On the other hand, if we disable the curve in `jdk.certpath.disabledAlgorithms`, keytool is able to show
Subject Public Key Algorithm: 256-bit EC (secp256r1) key (weak)
Here it shows both the keysize and curve name.
BTW, adding `EC keysize < 300` can reach the same result, but in that case it's easier to understand why. Fortunately, we currently don't support multiple curves with the same keysize.
- relates to
-
-
- Resolved
-
