8178466: Better RSA parameters

Reviewed-by: mullan, ahgross

8178466: Better RSA parameters
Reviewed-by: mullan, ahgross
4a7113d3 · igerasim · 91f56a00 · 4a7113d3 · 4a7113d3 · 4a7113d3
3 changed file
--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1711,11 +1711,9 @@ public final class Main {
            if ("EC".equalsIgnoreCase(keyAlgName)) {
                keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE;
            } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
-                // hardcode for now as DEF_RSA_KEY_SIZE is still 1024
-                keysize = 2048; // SecurityProviderConstants.DEF_RSA_KEY_SIZE;
+                keysize = SecurityProviderConstants.DEF_RSA_KEY_SIZE;
            } else if ("DSA".equalsIgnoreCase(keyAlgName)) {
-                // hardcode for now as DEF_DSA_KEY_SIZE is still 1024
-                keysize = 2048;
+                keysize = SecurityProviderConstants.DEF_DSA_KEY_SIZE;
            }
        }


--- a/src/share/classes/sun/security/util/SecurityProviderConstants.java
+++ b/src/share/classes/sun/security/util/SecurityProviderConstants.java
@@ -64,9 +64,9 @@ public final class SecurityProviderConstants {
    static {
        String keyLengthStr = GetPropertyAction.privilegedGetProperty
            (KEY_LENGTH_PROP);
-        int dsaKeySize = 1024;
-        int rsaKeySize = 1024;
-        int dhKeySize = 1024;
+        int dsaKeySize = 2048;
+        int rsaKeySize = 2048;
+        int dhKeySize = 2048;
        int ecKeySize = 256;

        if (keyLengthStr != null) {

--- a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
+++ b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -83,10 +83,10 @@ public class TestExponentSize {
        KeyPair kp;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE");

-        // Sun's default uses a default psize of 1024 and
+        // Sun's default uses a default psize of 2048 and
        // lsize of (pSize / 2) but at least 384 bits
        kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);

        DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
        BigInteger p = publicKey.getParams().getP();
@@ -98,15 +98,15 @@ public class TestExponentSize {

        kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
        kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.ten24);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);

        kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
        kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.five12);

        kpg.initialize(new DHParameterSpec(p, g, Sizes.two56.getIntSize()));
        kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.two56);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.two56);

        kpg.initialize(Sizes.five12.getIntSize());
        kp = kpg.generateKeyPair();