Please discuss: SHA256 Support in SunMSCAPI Provider

moses70

Lately I submitted an RFE regarding support for SHA256 in digital signatures:

http://bugs.sun.com/view_bug.do?bug_id=6753664

The issue is: SHA256 is supported as a message digest in the JRE. But to create digital signatures, you need it combined with RSA:
SHA256withRSA
(Because the private key provider needs to do encryption with private key)

When you want to do digital signatures with a smartcard you have only these options:
- Use SunMSCAPI and use a Windows-supported smartcard
- Or use SunPKCS11 with a smartcard-provided pkcs11-DLL

Currently, in both cases, only MD5 and SHA1 are supported. But since this year these algorithms are not strong enough anymore.

If you also want to see support for stronger signatures, you could vote for the mentioned RFE. Or give your opinion here in this thread.

Kind regards
Reinhard
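
An added example, not part of the original post and not Sun's code: a probe that lists which installed JCA providers register the three signature algorithms named above, then signs with SHA256withRSA using a software key. The class name and sample message are constructed for illustration; the output depends on the JRE and platform it runs on.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class SignatureSupportProbe {
    // Signature algorithms discussed in the post above.
    static final String[] ALGS = {"MD5withRSA", "SHA1withRSA", "SHA256withRSA"};

    public static void main(String[] args) throws Exception {
        // 1. Per provider: is each algorithm registered as a Signature service?
        //    On Windows, look at the SunMSCAPI row; a configured SunPKCS11
        //    provider shows up as SunPKCS11-<name>.
        for (Provider p : Security.getProviders()) {
            StringBuilder row = new StringBuilder(String.format("%-14s", p.getName()));
            boolean any = false;
            for (String alg : ALGS) {
                boolean ok = p.getService("Signature", alg) != null;
                any |= ok;
                row.append(' ').append(alg).append('=').append(ok ? "yes" : "no");
            }
            if (any) System.out.println(row);
        }

        // 2. Software-key baseline: a "yes" from another provider does not help
        //    a smartcard user, because a non-extractable private key can only
        //    be used by the provider that holds it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes("UTF-8");

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("software key: provider=" + signer.getProvider().getName()
                + " verified=" + verifier.verify(sig));
    }
}
```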

linuxhippy

Sun engineers set priority to "very low", so I guess it would need rather a lot of votes to make it happen anytime soon.
Have you considered contributing an implementation to OpenJDK? Once it's in, it shouldn't take long until it's available in Sun's JDK.

- Clemens

moses70

Yes, I am considering it. But I'm not a student anymore.
Security folk are a little bit slow, maybe they didn't realize yet that SHA-1 is already outdated.
So I will give them a few months before doing an implementation myself. And we have a brand new set of Windows APIs for crypto in Vista and Srv08.