[security-dev 00888]: code review request 6570344 Invalid RSA OID in sun.security.x509.AlgorithmId
Xuelei Fan Xuelei.Fan at Sun.COM
Wed Jun 10 07:37:13 UTC 2009
Hi,
The RSA OID from sun.security.x509.AlgorithmId is 1.2.5.8.1.1. However, no such OID seems to exist. The correct one should be 2.5.8.1.1.
ITU-T X.509 defined the RSA encryption algorithm as:

    id-ea-rsa = {joint-iso-itu-t(2) ds(5) algorithm(8) encryptionAlgorithm(1) rsa(1)}
    rsa ALGORITHM ::= { KeySize IDENTIFIED BY id-ea-rsa }

However, the industry does not use the above specification; a series of definitions from PKCS#1 is adopted instead (the PKIX WG of the IETF adopts the PKCS#1 definitions). I think that is also why we did not get an issue report on parsing a certificate with such an OID. BTW, there is a defect report to deprecate the above definition. [1]
Anyway, I think we need to correct "1.2.5.8.1.1" to "2.5.8.1.1" even though no practical certificate issues have been reported so far.
Webrev: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/
Bug description: http://cr.openjdk.java.net/~xuelei/6570344/webrev.00/

Thanks,
Xuelei
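
An added illustration, not part of the original message or of the JDK source: it DER-encodes the mistyped OID, the X.509 id-ea-rsa OID and the PKCS#1 rsaEncryption OID (1.2.840.113549.1.1.1, which the message does not quote), then resolves each against a name table. The class name `OidDemo` and the table keyed by encoded OID are hypothetical stand-ins for a certificate parser's algorithm lookup.

```java
import java.io.ByteArrayOutputStream;
import java.util.LinkedHashMap;
import java.util.Map;

public class OidDemo {
    // Content octets of a DER OBJECT IDENTIFIER (X.690 8.19): the first two
    // arcs are packed as 40*arc1 + arc2; each subidentifier is base-128 with
    // the high bit set on every octet except the last.
    static byte[] encode(String dotted) {
        String[] parts = dotted.split("\\.");
        long[] arcs = new long[parts.length];
        for (int i = 0; i < parts.length; i++) arcs[i] = Long.parseLong(parts[i]);
        if (arcs.length < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39))
            throw new IllegalArgumentException("not encodable: " + dotted);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeBase128(out, 40 * arcs[0] + arcs[1]);
        for (int i = 2; i < arcs.length; i++) writeBase128(out, arcs[i]);
        return out.toByteArray();
    }

    static void writeBase128(ByteArrayOutputStream out, long v) {
        int shift = 0;
        while ((v >>> (shift + 7)) != 0) shift += 7;   // locate the top 7-bit group
        for (; shift > 0; shift -= 7) out.write((int) (0x80 | ((v >>> shift) & 0x7f)));
        out.write((int) (v & 0x7f));                   // last octet: high bit clear
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x & 0xff));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Hypothetical name table keyed by encoded OID (an assumption for this demo).
        Map<String, String> table = new LinkedHashMap<>();
        table.put(hex(encode("1.2.5.8.1.1")), "RSA (mistyped entry)");
        table.put(hex(encode("1.2.840.113549.1.1.1")), "RSA (PKCS#1 rsaEncryption)");
        // Constructed inputs: the X.509 OID, the mistyped OID, the PKCS#1 OID.
        for (String oid : new String[] {"2.5.8.1.1", "1.2.5.8.1.1", "1.2.840.113549.1.1.1"}) {
            String key = hex(encode(oid));
            System.out.printf("%-22s %-20s %s%n", oid, key, table.getOrDefault(key, "unrecognized"));
        }
    }
}
```

The mistyped string is still a well-formed OID, so it encodes without error, but its octets differ from those of 2.5.8.1.1. A key carrying the X.509 id-ea-rsa OID therefore misses the table, while keys using the PKCS#1 OID resolve normally.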