Check the RSA keysize in Signature

IBM / OpenJCEPlus

This project makes use of Java and C/C++. This project will create OpenJCEPlus and OpenJCEPlusFIPS cryptographic providers which are implementations of the Java™ Cryptography Extensions (JCE) APIs. The actual cryptographic code will come from the OpenCryptographyKitC project which is based on OpenSSL.

Apache License 2.0

4 stars 10 forks source link

Check the RSA keysize in Signature #91

Closed JinhangZhang closed 1 month ago

JinhangZhang commented 1 month ago

At least 2048 bits of RSA key can be used for Sign in Signature. However, current openjceplusfips provider can accept a RSA key which size is smaller than 1024.

Add a check in the engineInitSign() function to filter the keysize.

backport from https://github.com/IBM/OpenJCEPlus/pull/27

KostasTsiounis commented 1 month ago

The copyright in RSAKeyFactory needs to be updated.

jasonkatonica commented 1 month ago

The copyright in RSAKeyFactory needs to be updated.

Yes agreed we should do this. Given that the other PRs have been merged in other branches to keep things consistant perhaps you could do another PR @jinhang to fix the copyrights as suggested?

We have decided to try to remember to do a range of dates such as 2023, 2024 when updating instead of ticking just the single date.

jasonkatonica commented 1 month ago

x86_64_linux, ppc64le_linux,s390x_linux,x86_64_windows