Details
-
Bug
-
Resolution: Fixed
-
P3
-
None
-
b29
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8236399 | 15 | Weijun Wang | P3 | Resolved | Fixed | b03 |
Description
The official Java Security Standard Algorithm Names incorrectly documents the Signature.*withECDSAinP1363Format algorithms as
SEQUENCE ::= { r INTEGER, s INTEGER }
This is incorrect. The IEEE P1363 Format is defined as concatenating the r and s values (with no ASN.1 encoding, but with appropriate padding). The implementations appear correct. This just appears to be a documentation issue. The documentation for Java 11, 12, and 13 would need to be updated.
I refer you to the Wikipedia page [2], item #7 that has the relevant information
[1]: https://docs.oracle.com/en/java/javase/12/docs/specs/security/standard-names.html#signature-algorithms
[2]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Signature_generation_algorithm
Source: https://mail.openjdk.java.net/pipermail/security-dev/2019-December/021050.html
SEQUENCE ::= { r INTEGER, s INTEGER }
This is incorrect. The IEEE P1363 Format is defined as concatenating the r and s values (with no ASN.1 encoding, but with appropriate padding). The implementations appear correct. This just appears to be a documentation issue. The documentation for Java 11, 12, and 13 would need to be updated.
I refer you to the Wikipedia page [2], item #7 that has the relevant information
[1]: https://docs.oracle.com/en/java/javase/12/docs/specs/security/standard-names.html#signature-algorithms
[2]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Signature_generation_algorithm
Source: https://mail.openjdk.java.net/pipermail/security-dev/2019-December/021050.html
Attachments
Issue Links
- backported by
-
JDK-8236399 Incorrect spec on ECDSA P1363 signature format
-
- Resolved
-