On Wed, 31 May 2023 22:38:20 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Code changes for HSS/LMS that's related to keytool and jarsigner: > > 1. No need to add `-sigalg` for both tools when HSS/LMS key is involved, it > can only be `HSS/LMS`. > 2. The `digestAlgorithm` field in a PKCS7 `SignerInfo`. It must be the same > as the hash algorithm used by the HSS/LMS key. This needs to be enforced both > at signing and verification. > 3. HSS/LMS reuses `.DSA` as the signature block file extension inside a > signed JAR file src/java.base/share/classes/sun/security/pkcs/PKCS7.java line 872: > 870: */ > 871: @Deprecated(since="16", forRemoval=true) > 872: public static byte[] generateSignedData(byte[] signature, Are you sure you want to remove this as part of this change? If there was a reason this was deprecated for removal (perhaps some apps did use it even though they should not), then before removing it it probably makes sense to include it in a CSR, and maybe the RN too. src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 488: > 486: * directly. This makes difference for Ed448. > 487: */ > 488: public static void algorithmsConformanceCheck( Can this be private? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/14254#discussion_r1395919143 PR Review Comment: https://git.openjdk.org/jdk/pull/14254#discussion_r1395933577
