Recent cryptanalysis has shown weaknesses in 1024-bit RSA keys (though they are not yet broken): see http://www.theregister.com/2007/05/22/unreadable_writing_is_on_the_wall/
We should seriously consider increasing the keytool default keysize for generating key pairs
to 2048 for JDK 7. For DSA, this will require support for keys larger than 1024 -
Inside keytool, the key pair generator calls:
    keyGen.initialize(keyBits, prng);
    pair = keyGen.generateKeyPair();
Here, keyBits is either user specified or defaults to 1024 (or 256 for ECC), and prng is always a SecureRandom object. We can remove the initialize line when the user has not specified a keysize. The default keysize will then be consistent with those documented in the "Java Cryptography Architecture
Sun Providers Documentation".
Change RSA default bitsize to 2048, change all SHA-1 to SHA-256.
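The following is an added example (not keytool's own code) illustrating both points above: the proposed keytool call sequence, in which initialize() is invoked only when the user supplied a keysize and the provider default applies otherwise, plus a check of the key size that actually came back and a SHA-256 based signature instead of SHA-1. The class and method names, the minimum sizes enforced by requireMinimum, and the sample message are assumptions made for this example; the JCA calls (KeyPairGenerator, Signature, RSAKey, DSAKey, ECKey) are the standard API. DSA is deliberately left out of main() because, as the text notes, sizes above 1024 need provider support that not every JDK has.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;

public class KeySizeCheck {

    // Generate a key pair the way the text describes keytool doing it:
    // call initialize() only when the user gave an explicit -keysize
    // (userKeyBits != null); otherwise the provider's documented default applies.
    static KeyPair generate(String alg, Integer userKeyBits, SecureRandom prng) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(alg);
        if (userKeyBits != null) {
            keyGen.initialize(userKeyBits, prng);
        }
        return keyGen.generateKeyPair();
    }

    // Report the effective size of whatever key the provider produced,
    // so the default is verified rather than assumed.
    static int effectiveKeyBits(KeyPair pair) {
        if (pair.getPublic() instanceof RSAKey) {
            return ((RSAKey) pair.getPublic()).getModulus().bitLength();
        }
        if (pair.getPublic() instanceof DSAKey) {
            return ((DSAKey) pair.getPublic()).getParams().getP().bitLength();
        }
        if (pair.getPublic() instanceof ECKey) {
            return ((ECKey) pair.getPublic()).getParams().getCurve().getField().getFieldSize();
        }
        throw new IllegalArgumentException("unsupported key type");
    }

    // Policy check. The minimums here are assumptions for this example,
    // chosen to match the 2048-bit RSA (and 256-bit EC) sizes in the text.
    static void requireMinimum(String alg, int bits) {
        int min = alg.equals("EC") ? 256 : 2048;
        if (bits < min) {
            throw new IllegalStateException(alg + " key is " + bits + " bits, below the required " + min);
        }
    }

    // Sign and verify with a SHA-256 based algorithm instead of a SHA-1 one.
    static boolean signAndVerify(KeyPair pair, String sigAlg, byte[] data) throws Exception {
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(pair.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(pair.getPublic());
        verifier.update(data);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom prng = new SecureRandom();
        // Constructed sample input for the signature round trip.
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // 1. Provider default: no initialize() call, as proposed for keytool.
        //    The printed size is whatever this JDK's provider documents as its default.
        KeyPair rsaDefault = generate("RSA", null, prng);
        System.out.println("RSA provider default: " + effectiveKeyBits(rsaDefault) + " bits");

        // 2. Explicit 2048-bit RSA, the size the proposal would make the default.
        KeyPair rsa2048 = generate("RSA", 2048, prng);
        requireMinimum("RSA", effectiveKeyBits(rsa2048));
        System.out.println("SHA256withRSA verifies: " + signAndVerify(rsa2048, "SHA256withRSA", data));

        // 3. A user-specified 1024-bit RSA key fails the policy check.
        try {
            requireMinimum("RSA", effectiveKeyBits(generate("RSA", 1024, prng)));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running main() on a given JDK shows directly whether dropping the initialize() call yields the documented default, which is the check to make before relying on the provider default in keytool.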