- Type: Sub-task
- Resolution: Delivered
- Priority: P4
- Fix Version: 19
- OS: generic
- CPU: generic
JDK providers use provider-specific default values if the caller does not specify a key size when using a `KeyPairGenerator` or `KeyGenerator` object to generate a key pair or secret key. With this enhancement, the default key sizes for various crypto algorithms have been increased as follows:
- RSA, RSASSA-PSS, DH: from 2048 to 3072
- EC: from 256 to 384
- AES: from 128 to 256 (if permitted by crypto policy), falls back to 128 otherwise.
In addition, the `jarsigner` tool will now use SHA-384 instead of SHA-256 as the default digest algorithm. The default signature algorithm for the `jarsigner` tool has also been adjusted accordingly. SHA-384 is used instead of SHA-256 except for longer key sizes whose security strength matches SHA-512. Note that for DSA keys, `jarsigner` will continue using SHA256withDSA as the default signature algorithm. This ensures maximum interoperability with older JDK releases. For more details, please refer to the `keytool` and `jarsigner` documentation.
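The following probe is an added example, not code from this issue or from the JDK itself. It exercises the behaviour described above: it calls `KeyPairGenerator.generateKeyPair()` and `KeyGenerator.generateKey()` without any `initialize()`/`init()` call, so whatever size comes back is the provider's default, and it reads `Cipher.getMaxAllowedKeyLength("AES")` to show the crypto-policy condition that decides between 256 and 128 for AES. The class name and the reporting format are the example's own choices; the JCA calls are standard. It then pins sizes explicitly, which is what production code should do if it must not depend on which JDK release it runs on.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;

/** Reports the key sizes a JDK's providers pick when the caller gives none (example, not JDK code). */
public class DefaultKeySizeProbe {

    /** Generates a key pair without initialize(), so the provider default applies. */
    static int defaultKeyPairSizeBits(String algorithm) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm);
        KeyPair kp = kpg.generateKeyPair();
        return keyPairSizeBits(kp);
    }

    /** Derives the security-relevant size from the public key's parameters. */
    static int keyPairSizeBits(KeyPair kp) {
        PublicKey pub = kp.getPublic();
        // RSASSA-PSS keys from the SunRsaSign provider also implement RSAPublicKey.
        if (pub instanceof RSAPublicKey rsa) {
            return rsa.getModulus().bitLength();
        }
        if (pub instanceof DHPublicKey dh) {
            return dh.getParams().getP().bitLength();   // size of the prime modulus p
        }
        if (pub instanceof ECPublicKey ec) {
            return ec.getParams().getCurve().getField().getFieldSize();
        }
        throw new IllegalArgumentException("unsupported key type: " + pub.getAlgorithm());
    }

    /** Generates a secret key without init(), so the provider default applies. */
    static int defaultSecretKeySizeBits(String algorithm) throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance(algorithm);
        SecretKey key = kg.generateKey();
        return key.getEncoded().length * 8;
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"RSA", "RSASSA-PSS", "DH", "EC"}) {
            System.out.printf("%-10s default key pair size : %d bits%n", alg, defaultKeyPairSizeBits(alg));
        }

        // The AES default is 256 only when the crypto policy allows it; otherwise it falls back to 128.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");   // Integer.MAX_VALUE means unlimited
        int expectedAes = maxAes >= 256 ? 256 : 128;
        int actualAes = defaultSecretKeySizeBits("AES");
        System.out.printf("AES        policy limit           : %s%n",
                maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits");
        System.out.printf("AES        default secret key size: %d bits (JDK 19+ would give %d)%n",
                actualAes, expectedAes);

        // Pinning the size removes the dependency on provider defaults entirely.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(3072);
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256);
        System.out.printf("Pinned: RSA %d bits, AES %d bits%n",
                keyPairSizeBits(rsa.generateKeyPair()),
                aes.generateKey().getEncoded().length * 8);
    }
}
```

Run it with `java DefaultKeySizeProbe.java` on two JDK releases to see the defaults move; the pinned values at the end stay the same on both, which is the point of calling `initialize()`/`init()` explicitly. The probe says nothing about `jarsigner`; the digest and signature algorithms it actually used on a given JAR are shown by `jarsigner -verify -verbose -certs`.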