diff --git a/closed/src/java.base/share/man/keytool.md b/closed/src/java.base/share/man/keytool.md index aa302588c1..28ee627628 100644 --- a/closed/src/java.base/share/man/keytool.md +++ b/closed/src/java.base/share/man/keytool.md @@ -368,15 +368,16 @@ perform. in a new keystore entry that is identified by its alias. The `-keyalg` value specifies the algorithm to be used to generate the key - pair, and the `-keysize` value specifies the size of each key to be - generated. The `-sigalg` value specifies the algorithm that should be used + pair. The `-keysize` value specifies the size of each key to be generated. + The `-groupname` value specifies the named group (for example, the standard + or predefined name of an Elliptic Curve) of the key to be generated. + + Only one of `-groupname` and `-keysize` can be specified. + + The `-sigalg` value specifies the algorithm that should be used to sign the certificate. This algorithm must be compatible with the `-keyalg` value. - The `-groupname` value specifies the named group (for example, the standard - or predefined name of an Elliptic Curve) of the key to be generated. Only - one of `-groupname` and `-keysize` can be specified. - The `-signer` value specifies the alias of a `PrivateKeyEntry` for the signer that already exists in the keystore. This option is used to sign the certificate with the signer's private key. This is especially 
@@ -1304,11 +1305,14 @@ The following examples show the defaults for various option values: -keysize 2048 (when using -genkeypair and -keyalg is "DSA") 3072 (when using -genkeypair and -keyalg is "RSA", "RSASSA-PSS", or "DH") - 384 (when using -genkeypair and -keyalg is "EC") - 255 (when using -genkeypair and -keyalg is "EdDSA", or "XDH) 56 (when using -genseckey and -keyalg is "DES") 168 (when using -genseckey and -keyalg is "DESede") +-groupname + secp384r1 (when using -genkeypair and -keyalg is "EC", key size is 384) + ed25519 (when using -genkeypair and -keyalg is "EdDSA", key size is 255) + x25519 (when using -genkeypair and -keyalg is "XDH", key size is 255) + -validity 90 -keystore @@ -1332,15 +1336,15 @@ private key to provide an appropriate level of security strength as follows: Table: Default Signature Algorithms -keyalg keysize default sigalg +keyalg key size default sigalg ------- -------- -------------- DSA any size SHA256withDSA -RSA \< 624 SHA256withRSA (keysize is too small for using SHA-384) +RSA \< 624 SHA256withRSA (key size is too small for using SHA-384) \<= 7680 SHA384withRSA \> 7680 SHA512withRSA EC \< 512 SHA384withECDSA \>= 512 SHA512withECDSA -RSASSA-PSS \< 624 RSASSA-PSS (with SHA-256, keysize is too small for +RSASSA-PSS \< 624 RSASSA-PSS (with SHA-256, key size is too small for using SHA-384) \<= 7680 RSASSA-PSS (with SHA-384) \> 7680 RSASSA-PSS (with SHA-512) 
@@ -1350,23 +1354,21 @@ Ed25519 255 Ed25519 Ed448 448 Ed448 ------- -------- -------------- +* The key size, measured in bits, corresponds to the size of the private key. +This size is determined by the value of the `-keysize` or `-groupname` options +or the value derived from a default setting. + * An RSASSA-PSS signature algorithm uses a `MessageDigest` algorithm as its hash and MGF1 algorithms. -* EdDSA supports 2 key sizes: Ed25519 and Ed448. When generating an EdDSA key -pair using `-keyalg EdDSA`, a user can specify `-keysize 255` or `-keysize 448` -to generate Ed25519 or Ed448 key pairs. When no `-keysize` is specified, an -Ed25519 key pair is generated. A user can also directly specify `-keyalg Ed25519` -or `-keyalg Ed448` to generate a key pair with the expected key size. - **Note:** -To improve out of the box security, default key size and signature algorithm -names are periodically updated to stronger values with each release of the JDK. -If interoperability with older releases of the JDK is important, make sure that -the defaults are supported by those releases. Alternatively, you can use the -`-keysize` or `-sigalg` options to override the default values at your own -risk. +To improve out of the box security, default keysize, groupname, and signature +algorithm names are periodically updated to stronger values with each release +of the JDK. If interoperability with older releases of the JDK is important, +make sure that the defaults are supported by those releases. Alternatively, +you can use the `-keysize`, `-groupname`, or `-sigalg` options to override +the default values at your own risk. ## Supported Named Extensions diff --git a/closed/src/java.base/share/specs/jar/jar.md b/closed/src/java.base/share/specs/jar/jar.md index f22aeb9f33..e3172d180d 100644 --- a/closed/src/java.base/share/specs/jar/jar.md +++ b/closed/src/java.base/share/specs/jar/jar.md 
@@ -594,14 +594,14 @@ Digital signature files have the same filenames as the .SF files but different extensions. The extension varies depending on the algorithm of the signer's private key. -- `.RSA` (PKCS7 signature, for RSA or RSASSA-PSS keys) -- `.DSA` (PKCS7 signature, for DSA keys) -- `.EC` (PKCS7 signature, for EC or EdDSA keys) +- `.RSA` (PKCS7 signature, for RSA or RSASSA-PSS keys) +- `.EC` (PKCS7 signature, for EC or EdDSA keys) +- `.DSA` (PKCS7 signature, for DSA or any other key algorithm) -Digital signature files for signature algorithms not listed above must +Digital signature files not using the PKCS #7 format must reside in the `META-INF` directory and have the prefix "`SIG-`". The corresponding signature file (`.SF` file) must also have the same prefix. - +`` For those formats that do not support external signed data, the file shall consist of a signed copy of the `.SF` file. Thus some data may be duplicated and a verifier should compare the two files. diff --git a/closed/src/jdk.jartool/share/man/jarsigner.md b/closed/src/jdk.jartool/share/man/jarsigner.md index e0987104b3..51f91eed5f 100644 --- a/closed/src/jdk.jartool/share/man/jarsigner.md +++ b/closed/src/jdk.jartool/share/man/jarsigner.md @@ -236,7 +236,7 @@ the private key: Table: Default Signature Algorithms and Block File Extensions -keyalg keysize default sigalg block file extension +keyalg key size default sigalg block file extension ------- -------- -------------- -------------------- DSA any size SHA256withDSA .DSA RSA \< 624 SHA256withRSA .RSA @@ -257,6 +257,9 @@ are determined by the size of the key as specified in the table above. For example, an 3072-bit RSASSA-PSS key will use RSASSA-PSS as the signature algorithm and SHA-384 as the hash and MGF1 algorithms. +* If a key algorithm is not listed in this table, the `.DSA` extension +is used when signing a JAR file. + These default signature algorithms can be overridden by using the `-sigalg` option. 
@@ -577,8 +580,8 @@ the following standards: : Specifies the name of the message digest algorithm to use when digesting the entries of a JAR file. - For a list of standard message digest algorithm names, see Java Security - Standard Algorithm Names. + For a list of standard message digest algorithm names, see the Java Security + Standard Algorithm Names Specification. If this option isn't specified, then `SHA-384` is used. There must either be a statically installed provider supplying an implementation of the @@ -596,8 +599,8 @@ the following standards: `-addprovider` or `-providerClass` option; otherwise, the command doesn't succeed. - For a list of standard message digest algorithm names, see Java Security - Standard Algorithm Names. + For a list of standard signature algorithm names, see the Java Security + Standard Algorithm Names Specification. `-verify` : Verifies a signed JAR file. @@ -687,8 +690,8 @@ the following standards: See [Supported Algorithms]. - For a list of standard message digest algorithm names, see Java Security - Standard Algorithm Names. + For a list of standard message digest algorithm names, see the Java Security + Standard Algorithm Names Specification. `-internalsf` : In the past, the signature block file generated when a JAR file
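Review bot: in the keytool.md hunk at @@ -368, the new standalone sentence "Only one of `-groupname` and `-keysize` can be specified." leaves open what happens when neither option is given; since the defaults section of the same file now lists a `-groupname` default per `-keyalg`, add one sentence here such as "If neither is specified, the default for the `-keyalg` value (see the defaults section) is used." so a reader of the option description does not have to find it elsewhere.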
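Review bot: in the keytool.md defaults hunk at @@ -1304, the new `-groupname` entries read "(when using -genkeypair and -keyalg is "EC", key size is 384)", which can be parsed as a second condition ("when ... key size is 384") rather than as the resulting size; reword to separate condition from consequence, for example `secp384r1 (when using -genkeypair and -keyalg is "EC"; the resulting key size is 384)`, and the same for the ed25519 and x25519 lines. The removed `-keysize` lines for "EC", "EdDSA" and "XDH" are not replaced by any `-keysize` statement, so this is now the only place the reader learns the default size for those algorithms.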
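Review bot: in the keytool.md hunk at @@ -1350, the deleted EdDSA bullet was the only text stating that `-keysize 448` (or `-keyalg Ed448`) produces an Ed448 key pair, and the new `-groupname` defaults list only ed25519 for EdDSA; since the table in this hunk still has an "Ed448 448 Ed448" row, keep a sentence stating how an Ed448 key pair is requested (for example via `-groupname ed448` or `-keyalg Ed448`), or readers have no documented way to reach that row. Also, the rewritten Note uses "default keysize, groupname, and signature algorithm names" while the same patch renames the table header to "key size"; use "default key size, group name, and signature algorithm" in the Note for consistency with the header and with the `-keysize`/`-groupname` option names that follow.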
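Review bot: in the jar.md hunk at @@ -594, the added line `+`` ` inserts a literal pair of backticks where a blank line was removed, which renders as an empty inline-code span in the specification; it looks accidental and should be an empty line. In the same hunk the rewritten sentence says "not using the PKCS #7 format" while the list items directly above still say "PKCS7 signature"; pick one spelling for the whole section. The `.DSA` item now covers "DSA or any other key algorithm", so the paragraph that follows correctly no longer refers to "signature algorithms not listed above"; consider stating explicitly that `.DSA` is the fallback extension for PKCS #7 blocks of unlisted key algorithms, matching the new jarsigner.md bullet in this patch.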
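Review bot: in the jarsigner.md hunk at @@ -257, the new bullet "If a key algorithm is not listed in this table, the `.DSA` extension is used when signing a JAR file." gives the block file extension but not the signature algorithm: the surrounding text says defaults "are determined by the size of the key as specified in the table above", which cannot apply to an unlisted key algorithm, so state what happens in that case (whether `-sigalg` is then required, which the next sentence "These default signature algorithms can be overridden by using the `-sigalg` option." does not cover).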
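Review bot: in the jarsigner.md hunk at @@ -596, changing "message digest algorithm names" to "signature algorithm names" is the right fix for the option that this paragraph describes (the surrounding lines are the `-sigalg` text ending in "otherwise, the command doesn't succeed."), and the @@ -577 and @@ -687 hunks correctly keep "message digest" for `-digestalg`. In all three hunks, however, "the Java Security Standard Algorithm Names Specification" is added as plain text while the same file uses link syntax for its other references ("See [Supported Algorithms]."); make the specification reference a link in the document's existing style so the three identical sentences resolve to the same target.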