Java Growth Package (JDK) 22, launched by Oracle March 19 as the most recent model of ordinary Java, presents numerous safety enhancements, overlaying areas starting from an uneven key interface to a brand new safety choice for -XshowSettings that permits builders to simply show security-related settings.
In a March 20 weblog publish on Oracle’s inside.java internet web page, Sean Mullan, technical lead of the Java Safety libraries group and lead of the OpenJDK Safety Group, detailed the safety enhancements in JDK 22.
The java -Xshowsettings choice, which can be utilized to print system settings and different helpful details about the present JDK configuration, has been enhanced to indicate particulars about security-related settings. -Xshowsettings:safety will present all safety settings. Different choices will present the values of safety properties, the put in safety suppliers and their supported algorithms, or the enabled TLS protocols and cipher suites.
For cryptography, a brand new customary interface, java.safety.AsymmetricKey, has been added. It’s a subinterface of java.safety.key and represents an uneven key, which may both be non-public or public. Current java.safety.PublicKey and java.safety.PrivateKey courses have been retrofitted to be subinterfaces of AsymmetricKey. As future uneven algorithms are launched, the AsymmetricKey interface will enable earlier variations of Java SE to extra simply help new uneven algorithms representing parameters as a NamedParameterSpec, Mullan mentioned.
Additionally, the jdk.crytpo.ec module has been deprecated, with the intent to ultimately take away it. All code from the jdk.crytp.ec module has been moved to the java.base module, together with the SunEC safety supplier. The jdk.crypto.ec module is now empty however nonetheless exists. This transformation will make it simpler to deploy functions relying on elliptic curve cryptographic algorithims.
For PKI (public key infrastructure), 10 new root CA certificates have been added to the cacerts keystore, together with three eMudhra Applied sciences root CA certificates, 4 DigiCert root CA certificates, and one every from Let’s Encrypt, Telia, and Certigna.
For TLS (Transport Layer Safety), extra properties have been added to manage the utmost size of consumer and server certificates chains. And for XML signatures, the JDK implementation now helps XML signatures signed with RSA signature algorithms with SHA-3 digests.
JDK 22 extends functionaility for JCE (Java Cryptography Extension) help for the HSS/LMS signature algorithm, including HSS/LMS help to jarsigner and keytool utilities. Additionally, jarsigner now helps signing and verifying JAR information with the HSS/LMS algorithm whereas keytool now helps technology of HSS/LMS public key pairs. Nevertheless, JDK solely helps HSS/LMS signature verification. Builders will want a third-party supplier to signal JAR information with HSS/LMS.
Copyright © 2024 IDG Communications, Inc.
