Bug ID: 6561126 keytool should use larger default keysize for keypairs

Details
Type:
Enhancement
Submit Date:
2007-05-23
Status:
Resolved
Updated Date:
2012-08-14
Project Name:
JDK
Resolved Date:
2009-07-31
Component:
security-libs
OS:
solaris_10
Sub-Component:
java.security
CPU:
sparc
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:
7


Description
Recent cryptanalysis has shown weaknesses (though not yet broken) in 1024 bit RSA keys: see http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/

We should seriously consider increasing the keytool default keysize for generating keypairs to 2048 for JDK 7. For DSA, this will require support for keys larger than 1024 - see 6560751.


Comments
EVALUATION

Change RSA default bitsize to 2948, change all SHA-1 to SHA-256.
2009-07-22
EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/29b076bfeafd
2009-07-22
EVALUATION

Inside keytool, the key pair generator calls:
    keyGen.initialize(keyBits, prng);
    pair = keyGen.generateKeyPair();
Here, keyBits is either user specified or defaults to 1024 (or 256 for ECC), and prng is always a SecureRandom object. We can remove the initialize line when the user has not specified a keysize. The default keysize thus will be consistent with those documented in "Java™ Cryptography Architecture Sun Providers Documentation".
2007-05-24
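The two code paths the evaluation above contrasts, and the check a practitioner wants afterwards (finding keystore entries still carrying 1024-bit RSA/DSA keys), as an added example. This is not keytool's own code or part of the JDK; the class name, the 2048-bit policy floor and the keystore-audit helper are assumptions, and the default-size run depends on the provider defaults of the JDK it is executed on.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.interfaces.*;
import java.util.*;

public class KeySizeCheck {
    // Assumed policy floor for RSA/DSA, matching the 2048-bit default this bug asks for.
    static final int MIN_RSA_DSA_BITS = 2048;
    // Effective key size in bits for the key types keytool generates.
    static int keyBits(PublicKey pk) {
        if (pk instanceof RSAKey) return ((RSAKey) pk).getModulus().bitLength();
        if (pk instanceof DSAKey) return ((DSAKey) pk).getParams().getP().bitLength();
        if (pk instanceof ECKey) return ((ECKey) pk).getParams().getCurve().getField().getFieldSize();
        throw new IllegalArgumentException("unsupported key type: " + pk.getAlgorithm());
    }

    // Mirrors keytool: initialize(keyBits, prng) only when a size was given;
    // with keyBits <= 0 the provider's documented default size applies.
    static KeyPair generate(String alg, int keyBits) throws GeneralSecurityException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(alg);
        if (keyBits > 0) keyGen.initialize(keyBits, new SecureRandom());
        return keyGen.generateKeyPair();
    }

    // Assumed audit helper: aliases whose RSA/DSA certificate key is below the floor.
    static List<String> weakAliases(Path ksFile, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(ksFile)) { ks.load(in, password); }
        List<String> weak = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) continue; // secret-key entries carry no certificate
            PublicKey pk = cert.getPublicKey();
            if ((pk instanceof RSAKey || pk instanceof DSAKey) && keyBits(pk) < MIN_RSA_DSA_BITS)
                weak.add(alias);
        }
        return weak;
    }
    public static void main(String[] args) throws Exception {
        KeyPair legacy = generate("RSA", 1024); // the old explicit default
        KeyPair dflt = generate("RSA", 0);      // provider default, as after the fix
        for (KeyPair kp : new KeyPair[] { legacy, dflt })
            System.out.println("RSA " + keyBits(kp.getPublic()) + " bits");
        if (args.length == 2)
            System.out.println("weak aliases: " + weakAliases(Paths.get(args[0]), args[1].toCharArray()));
    }
}
```

Run with a keystore path and its password as the two arguments to list entries that should be regenerated at the larger size.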
