From 4a7113d3cf04f311db46004ae73f160640ba4ad3 Mon Sep 17 00:00:00 2001
From: igerasim
Date: Thu, 7 Sep 2017 16:12:33 -0700
Subject: [PATCH] 8178466: Better RSA parameters
Reviewed-by: mullan, ahgross
---
 .../classes/sun/security/tools/keytool/Main.java | 6 ++----
 .../sun/security/util/SecurityProviderConstants.java | 6 +++---
 .../provider/KeyAgreement/TestExponentSize.java | 12 ++++++------
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
index 394bae494..fac7b5dcc 100644
--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1711,11 +1711,9 @@ public final class Main {
 if ("EC".equalsIgnoreCase(keyAlgName)) {
 keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE;
 } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
- // hardcode for now as DEF_RSA_KEY_SIZE is still 1024
- keysize = 2048; // SecurityProviderConstants.DEF_RSA_KEY_SIZE;
+ keysize = SecurityProviderConstants.DEF_RSA_KEY_SIZE;
 } else if ("DSA".equalsIgnoreCase(keyAlgName)) {
- // hardcode for now as DEF_DSA_KEY_SIZE is still 1024
- keysize = 2048;
+ keysize = SecurityProviderConstants.DEF_DSA_KEY_SIZE;
 }
 }
diff --git a/src/share/classes/sun/security/util/SecurityProviderConstants.java b/src/share/classes/sun/security/util/SecurityProviderConstants.java
index 866f9fc8c..2631558c9 100644
--- a/src/share/classes/sun/security/util/SecurityProviderConstants.java
+++ b/src/share/classes/sun/security/util/SecurityProviderConstants.java
@@ -64,9 +64,9 @@ public final class SecurityProviderConstants {
 static {
 String keyLengthStr = GetPropertyAction.privilegedGetProperty (KEY_LENGTH_PROP);
- int dsaKeySize = 1024;
- int rsaKeySize = 1024;
- int dhKeySize = 1024;
+ int dsaKeySize = 2048;
+ int rsaKeySize = 2048;
+ int dhKeySize = 2048;
 int ecKeySize = 256;
 if (keyLengthStr != null) {
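Review bot: In the keytool Main.java hunk, the RSA and DSA branches now take `SecurityProviderConstants.DEF_RSA_KEY_SIZE` and `DEF_DSA_KEY_SIZE` with no lower bound, whereas the removed literals pinned keytool's default at 2048 regardless of provider configuration. The SecurityProviderConstants hunk in this same patch shows the defaults being read from `KEY_LENGTH_PROP`, so a property override could presumably pull keytool's default below 2048; the parsing is outside the visible lines, so confirm whether it rejects small values. If it does not, keep a floor here, e.g. `keysize = Math.max(2048, SecurityProviderConstants.DEF_RSA_KEY_SIZE);` and the same for DSA, or add a comment saying keytool deliberately follows the property. The enclosing method starts and ends outside the hunk.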
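Review bot: In the SecurityProviderConstants.java hunk, the three literals raise the DSA and DH defaults as well as RSA, but the commit subject names only RSA and nothing at the assignments records that all three move together or that they are only fallbacks. A comment above them would make this visible to the next reader, e.g. `// Fallback sizes when KEY_LENGTH_PROP does not override them; DSA, RSA and DH are raised to 2048 together, EC stays at 256.` Callers that generate DSA or DH keys without an explicit size get different key material after this change, so it also deserves a release note. The static initializer continues past the end of the hunk.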
diff --git a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
index 6226fe919..0f40634ac 100644
--- a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
+++ b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -83,10 +83,10 @@ public class TestExponentSize {
 KeyPair kp;
 KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE");
- // Sun's default uses a default psize of 1024 and
+ // Sun's default uses a default psize of 2048 and
 // lsize of (pSize / 2) but at least 384 bits
 kp = kpg.generateKeyPair();
- checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+ checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);
 DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
 BigInteger p = publicKey.getParams().getP();
@@ -98,15 +98,15 @@ public class TestExponentSize {
 kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
 kp = kpg.generateKeyPair();
- checkKeyPair(kp, Sizes.ten24, Sizes.ten24);
+ checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);
 kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
 kp = kpg.generateKeyPair();
- checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+ checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
 kpg.initialize(new DHParameterSpec(p, g, Sizes.two56.getIntSize()));
 kp = kpg.generateKeyPair();
- checkKeyPair(kp, Sizes.ten24, Sizes.two56);
+ checkKeyPair(kp, Sizes.twenty48, Sizes.two56);
 kpg.initialize(Sizes.five12.getIntSize());
 kp = kpg.generateKeyPair();
-- GitLab
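Review bot: In the `@@ -98,15 +98,15 @@` hunk of TestExponentSize.java, the first `DHParameterSpec` case used to check an exponent size equal to the prime size (`Sizes.ten24, Sizes.ten24`), and that boundary is no longer covered. Because `p` is taken from the default-generated key, it is now 2048 bits, so the three cases exercise exponents of 1024, 512 and 256 only. Consider restoring the boundary with `kpg.initialize(new DHParameterSpec(p, g, Sizes.twenty48.getIntSize()));`, `kp = kpg.generateKeyPair();` and `checkKeyPair(kp, Sizes.twenty48, Sizes.twenty48);`. This assumes the generator still accepts an exponent size equal to the prime size, as the old assertion implied. The test method starts before and continues after the visible hunks, so later cases may already cover part of this.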