search

IBM / OpenJCEPlus

This project makes use of Java and C/C++. This project will create OpenJCEPlus and OpenJCEPlusFIPS cryptographic providers which are implementations of the Java™ Cryptography Extensions (JCE) APIs. The actual cryptographic code will come from the OpenCryptographyKitC project which is based on OpenSSL.
Apache License 2.0
4 stars 10 forks source link

Check the RSA keysize in Signature #90

Closed JinhangZhang closed 1 month ago

JinhangZhang commented 1 month ago

At least 2048 bits of RSA key can be used for Sign in Signature. However, current openjceplusfips provider can accept a RSA key which size is smaller than 1024.

Add a check in the engineInitSign() function to filter the keysize.

backport from https://github.com/IBM/OpenJCEPlus/pull/27

jasonkatonica commented 1 month ago

x86_64_windows, x86_64_linux, s390x_linux, ppcle_linux

KostasTsiounis commented 1 month ago

The copyright in RSAKeyFactory needs to be updated.